CompTIA Network+ (N10-007)

Exam Content
Content Outline
CompTIA Network+ N10-007 has been updated and reorga-
nized to address the current networking technologies with ex-
panded coverage of several domains by adding:
1. Critical security concepts to helping networking profession-
als work with security practitioners
2. Key cloud computing best practices and typical service
models
3. Coverage of newer hardware and virtualization techniques
4. Concepts to give individuals the combination of skills to
keep the network resilient
The following topics are general guidelines for the content likely
to be included on the exam. However, other related topics may
also appear on any specific delivery of the exam. To better re-
flect the contents of the exam and for clarity purposes, the
guidelines below may change at any time without notice.
1.0: Networking Concepts (23%)

2.0: Infrastructure (18%)
3.0: Network Operations (17%)
4.0: Network Security (20%)
5.0: Network Troubleshooting and Tools (22%)
9
CHAPTER 1
NETWORKING CONCEPTS
Questions 1-38
Question 1. You are responsible to install a new wired network

that allows for network expansion with the least amount of dis-
ruption for the current network users. Which of the following
network topologies would you choose?
(A) Star Topology
(B) Bus Topology
(C) Ring Topology
(D) Wireless Mesh Topology
Question 2. Given the Decimal mask: 255.255.192.0. Which of

the following is the equivalent to Binary mask?
(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.00000000.00000000

(A) 11111111.11111111.11111111.11100000
10
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.10000000.00000000
Question 4. Given the Binary mask:

11111111.11111111.11111111.11110000. Which of the following is
the equivalent to Decimal mask?
(A) 255.255.255.128
(B) 255.255.240.0
(C) 255.255.255.240
(D) 255.255.255.254
Question 5. Which of the following subnet masks is the default

mask of the IP: 204.203.202.201?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

mask of the IP: 55.44.22.11?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0
11
Question 7. At which two OSI layers can a switch operate?
(Choose two)
(A) Layer 1
(B) Layer 2
(C) Layer 3
(D) Layer 4
(E) Layer 5
(F) Layer 6
(G) Layer 7
Question 8. Which of the following addresses are not valid

Class A network IDs? (Choose all that apply)
(A) 1.0.0.0
(B) 5.0.0.0
(C) 140.0.0.0
(D) 127.0.0.0
(E) 195.0.0.0
(F) 9.0.0.0
Question 9. Physical network topology is a higher-level idea of

how the network is set up, including which nodes connect to
each other and in which ways, as well as how data is transmit-
ted through the network.
(A) TRUE
(B) FALSE
12
Question 10. Which of the following 802.11 wireless standards
operate on the 5GHz frequency band? (Choose all that apply)
(A) 802.11
(B) 802.11a
(C) 802.11b
(D) 802.11g
(E) 802.11n
(F) 802.11ac
Question 11. TCP doesn’t establish a session between the

sending and receiving hosts, which is why TCP is called a con-
nectionless protocol, while UDP establishes a mutually ac-
knowledged session between two hosts before communication
takes place.
(A) TRUE
(B) FALSE
Question 12. Given the following DNS Records, which one is

used to map hostnames to an IPv4 address of the host?
(A) CNAME
(B) AAAA
(C) NS
(D) A
13
used to point a domain or subdomain to another hostname?
(A) CNAME
(B) AAAA
(C) NS
(D) A
Question 14. Which of the following wireless topology is nor-

mally used to extend a wired LAN to connect wireless-capable
devices?
(A) Infrastructure wireless topology
(B) Ad Hoc Wireless Topology
(C) Wireless Mesh Topology
(D) Extend LAN Topology
Question 15. Which of the following is a computer network in

a defined area that links buildings and consists of multiple
LANs within that limited geographical area?
(A) Local-area Network (LAN)
(B) Wide-area Network (WAN)
(C) Metropolitan-area Network (MAN)
(D) Campus-Area Network (CAN)
Question 16. The protocol that uses the port 68 is called

_________________.
14
(A) DNS
(C) DHCP
(C) Telnet
(D) POP3
Question 17. Which of the following protocols uses the port 22

for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP
Question 18. Which of the following protocols uses the port

53 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP
Question 19. A broadcast address is an IP address that you

can use to target all systems on a subnet or network instead of
single hosts.
(A) TRUE
(B) FALSE
15
Question 20. Which of the following functions is the function
of ARP?
(A) Resolves hostnames to IP addresses
(B) Resolves IP addresses to MAC addresses
(C) Resolves MAC addresses to IP addresses
(D) Resolves IP addresses to hostnames
Question 21. Which of the following statements are true about

Bluetooth, NFC, and Z-Wave? (Choose all that apply)
(A) Bluetooth is based on the IEEE 802.15.1 standard
(B) Bluetooth uses the 3.4 to 3.485 GHz band
(C) Near-field communication transmits data through elec-
tromagnetic radio fields to enable two devices to communicate
with each other
(D) Near-field communication (NFC) is a long-range wire-
less connectivity technology that lets NFC-enabled devices
communicate with each other
(E) Z-Wave is a wired communication protocol
(F) Z-Wave essentially focus on connectivity within the
smart home
Question 22. You have been tasked to create a wired topology

so as each device in the network have to be connected to a
central device. Which of the following topologies will you im-
16
plement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology

so as each device have to be connected with the two devices
on either side of it. Which of the following topologies will you
implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology
Question 24. Which of the following statements are consid-

ered advantages using Virtual Local Area Networks (VLANs)?
(Choose all that apply)
(A) With the creation of logical (virtual) boundaries, network
segments can be isolated
(B) VLANs reduce broadcast traffic throughout the network,
so free up bandwidth
(C) A VLAN can not pass the traffic to another VLAN
(D) VLANs can be used to build broadcast domains that
remove the need for costly routers
17
Question 25. You are installing a wireless network solution
that uses a feature known as MU-MIMO. Which wireless net-
working standard are you using?
(A) 802.11n
(B) 802.11b
(C) 802.11a
(D) 802.11ac
Question 26. Which of the following IEEE 802.11 Wi-Fi stan-

dards use the 2.4 GHz band? (Choose all that apply)
(A) 802.11
(B) 802.11b
(C) 802.11g
(D) 802.11a
(E) 802.11n
(F) 802.11ac
(G) 802.11ax
Question 27. Which of the following cloud services requires

the least amount of user management, as a service provider is
responsible for managing everything, and the end-user just
uses the software.
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
18
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a ser-
vice (PaaS)
Question 28. Network Address Translation (NAT) is designed

for IP address conservation. It enables private IP networks that
use unregistered IP addresses to connect to the Internet.
(A) TRUE
(B) FALSE
Question 29. Which of the following performance concepts

delays the flow of certain types of network packets in order to
ensure network performance for higher priority applications?
(A) Traffic shaping
(B) QoS
(C) CoS
(D) Diffserv
Question 30. Which of the following performance concepts is

the process of managing network resources to reduce packet
loss?
(A) Traffic shaping
(B) QoS
(C) CoS
(D) Diffserv
19
Question 31. Port __________ copies packets entering or exiting
a port or entering a VLAN and sends the copies to a local inter-
face for local monitoring or to a VLAN for remote monitoring.
(A) Copying
(B) Learning
(C) Trunking
(D) Mirroring
Question 32. Choose the shortest valid abbreviation for the

IPv6 address 5000:0400:0030:0006:
8000:0800:0010:0002.
(A) 5000:400:30:6:8000:800:10:2
(B) 5000:400:30:6:8000:8:10:2
(C) 5000:400::2
(D) 5:4:3:6:8:8:1:2
Question 33. A common use case scenario using

______________ cloud deployment method is that web ap-
plications or blog sites are deployed on hardware and resources
that are owned by a cloud provider.
(A) Public
(B) Private
(C) Hybrid
(D) Semipublic
20
Software-Defined Networking (SDN)? (Choose all that apply)
(A) SDN enables network behavior to be controlled by the
software that resides beyond the networking devices
(B) SDN simplifies provisioning and management of net-
worked resources, everywhere from the data center to the
campus or wide area network
(C) SDN separates the control plane management of net-
work devices from the underlying data plane that forwards
network traffic
(D) SDN reduces the complexity of statically defined net-
works
Question 35. Assuming you are working on a Windows envi-

ronment. Which command will you type to discover your NIC’s
MAC address?
(A) ipconfig/all
(B) netstat/all
(C) ping/all
(D) route/all
Question 36. The routing protocol that does not rely on peri-
odic advertisement of all the network prefixes in an au-
tonomous system is called _______________.
21
(A) RIP
(B) OSPF
(C) EIGRP
(D) BGP
Question 37. Which of the following is a proprietary protocol

from Cisco used to reduce administration in the switched net-
work?
(A) VTP
(B) SMTP
(C) FTP
(D) HTTP
Question 38. Which of the following protocols is used to re-

move redundant links between switches and build loop-free
Ethernet networks?
(A) Spanning Tree Protocol (STP)
(B) Loop-Free Protocol (LFP)
(C) Redundant Link Protocol (RLP)
(D) Redundant-Free Protocol (RFP)
22
Answers 1-38
Question 1. You are responsible to install a new wired network

that allows for network expansion with the least amount of dis-
ruption for the current network users. Which of the following
network topologies would you choose?
(A) Star Topology
(B) Bus Topology
(C) Ring Topology
(D) Wireless Mesh Topology
Explanation 1. Star Topology is the correct answer.

On a star topology, each of the nodes is independently con-
nected to the central hub, should one go down, the rest of the
network will continue functioning unaffected. With such a con-
figuration, a new device can be added to the network by at-
taching the new device to the hub or switch with its own cable.
This process does not disrupt the users who are currently on
the network.
Bus Topology and Ring Topology are incorrect because they

don’t allow network expansion without disrupting the existing
users.
23
Wireless Mesh Topology is incorrect because it isn’t a wired
network topology.

(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.00000000.00000000
Explanation 2. 11111111.11111111.11000000.00000000 is
the correct answer.
There are only nine possible values in one octet of a subnet
mask as shown in the table below.
Binary Mask Decimal Number of

Octet Equivalent Binary 1s
0 0 0
10000000 128 1
11000000 192 2
11100000 224 3
24
11110000 240 4
11111000 248 5
11111100 252 6
11111110 254 7
11111111 255 8

(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.10000000.00000000
Explanation 3. 11111111.11111111.10000000.00000000 is
the correct answer.
25
0 0 0
10000000 128 1
11000000 192 2
11100000 224 3
11110000 240 4
11111000 248 5
11111100 252 6
11111110 254 7
11111111 255 8
Question 4. Given the Binary mask:

11111111.11111111.11111111.11110000. Which of the following is
the equivalent to Decimal mask?
(A) 255.255.255.128
(B) 255.255.240.0
(C) 255.255.255.240
(D) 255.255.255.254
26
Explanation 4. 255.255.255.240 is the correct answer.

0 0 0
10000000 128 1
11000000 192 2
11100000 224 3
11110000 240 4
11111000 248 5
11111100 252 6
11111110 254 7
11111111 255 8

mask of the IP: 204.203.202.201?
(A) 255.255.255.0
27
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

Class A networks have the first octet in the range of 1–126.
The default subnet mask for the Class A networks is
255.0.0.0
Class B networks have the first octet in the range of 128–191

The default subnet mask for the Class B networks is
255.255.0.0
Class C networks have the first octet in the range of 192–223

The default subnet mask for the Class C networks is
255.255.255.0
In this case, the IP address 204.203.202.201 is a Class C

network so the default subnet mask is 255.255.255.0.

mask of the IP: 55.44.22.11?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
28
(D) 255.255.0.0

Class A networks have the first octet in the range of 1–126.
The default subnet mask for the Class A networks is
255.0.0.0
Class B networks have the first octet in the range of 128–191

The default subnet mask for the Class B networks is
255.255.0.0
Class C networks have the first octet in the range of 192–223

The default subnet mask for the Class C networks is
255.255.255.0
In this case, the IP address 55.44.22.11 is a Class A network

so the default subnet mask is 255.0.0.0.
Question 7. At which two OSI layers can a switch operate?

(Choose two)
(A) Layer 1
(B) Layer 2
(C) Layer 3
(D) Layer 4
(E) Layer 5
29
(F) Layer 6
(G) Layer 7
Explanation 7. Layer 2 and Layer 3 are the correct answers.

A switch uses the MAC addresses of connected devices to
make its forwarding decisions. Therefore, it is called a data link,
or Layer 2, network device. It can also operate at Layer 3 or be
a multilayer switch.
Devices or components that operate at Layer 1 typically are

media-based, such as cables or connectors so switches don’t
operate at this layer.
The components from Layer 4 to Layer 7 are software-based,

not hardware-based.
Question 8. Which of the following addresses are not valid

Class A network IDs? (Choose all that apply)
(A) 1.0.0.0
(B) 5.0.0.0
(C) 140.0.0.0
(D) 127.0.0.0
(E) 195.0.0.0
(F) 9.0.0.0
30
Explanation 8. C, D and E are the correct answers.
Class A networks have the first octet in the range of 1–126, in-
clusive, and their network IDs have a 0 in the last three octets.
Invalid Class A network IDs are:

140.0.0.0
127.0.0.0
195.0.0.0
The network 140.0.0.0 is a Class B network ID.

The network 127.0.0.0 is a Loopback address.
The network 195.0.0.0 is a Class C network ID.
Question 9. Physical network topology is a higher-level idea of

ted through the network.
(A) TRUE
(B) FALSE
Explanation 9. FALSE is the correct answer.

Physical – The physical network topology refers to the actual
connections (wires, cables, etc.) of how the network is
arranged. Setup, maintenance, and provisioning tasks require
insight into the physical network.
31
Logical – The logical network topology is a higher-level idea of
ted through the network. Logical network topology includes
any virtual and cloud resources.
Question 10. Which of the following 802.11 wireless standards

operate on the 5GHz frequency band? (Choose all that apply)
(A) 802.11
(B) 802.11a
(C) 802.11b
(D) 802.11g
(E) 802.11n
(F) 802.11ac
Explanation 10. B, E and F are the correct answers.

The table below highlights the characteristics of the various
802.11 wireless standards.
32
IEEE Standards Frequency/Medium Speed
802.11 2.4 GHz 1 to 2Mbps
802.11a 5 GHz Up to
54Mbps
802.11b 2.4 GHz Up to 11Mbps
802.11g 2.4 GHz Up to

54Mbps
802.11n 2.4 GHz / 5 GHz Up to

600Mbps
802.11ac 5 GHz Up to
1.3Gbps
Question 11. TCP doesn’t establish a session between the

sending and receiving hosts, which is why TCP is called a con-
nectionless protocol, while UDP establishes a mutually ac-
knowledged session between two hosts before communication
takes place.
(A) TRUE
(B) FALSE

33
TCP is a connection-oriented protocol and UDP is a con-
nection-less protocol. TCP establishes a connection between
a sender and receiver before data can be sent. UDP does not
establish a connection before sending data.
TCP is slower than UDP because it has a lot more to do. TCP
has to establish a connection, error-check, and guarantee that
files are received in the order they were sent.
TCP is best suited to be used for applications that require

high reliability where timing is less of a concern.
1. World Wide Web (HTTP, HTTPS)

2. Secure Shell (SSH)
3. File Transfer Protocol (FTP)
4. Email (SMTP, IMAP/POP)
UDP is best suited for applications that require speed and

efficiency.
1. VPN tunneling
2. Streaming videos
3. Online games
4. Live broadcasts
5. Domain Name System (DNS)
34
6. Voice over Internet Protocol (VoIP)
7. Trivial File Transfer Protocol (TFTP)

used to map hostnames to an IPv4 address of the host?
(A) CNAME
(B) AAAA
(C) NS
(D) A
Explanation 12. A is the correct answer.

The Domain Name System (DNS) is the phonebook of the In-
ternet. Humans access information online through domain
names, like examsdigest.com or youtube.com. Web browsers
interact through Internet Protocol (IP) addresses. DNS trans-
lates domain names to IP addresses so browsers can load In-
ternet resources.
Each device connected to the Internet has a unique IP address

that other machines use to find the device. DNS servers elimi-
nate the need for humans to memorize IP addresses such as
192.168.1.1 (in IPv4), or more complex newer alphanumeric IP
addresses such as 2100:bb22:3272:1::2133:b1a4 (in IPv6).
DNS records are instructions that live in authoritative DNS

35
servers and provide information about a domain including what
IP address is associated with that domain and how to handle
requests for that domain. These records consist of a series of
text files written in what is known as DNS syntax. DNS syntax is
just a string of characters used as commands which tell the
DNS server what to do.
The most common types of DNS are:

A is used to map hostnames to an IPv4 address of the host.
AAAA is used to map hostnames to an IPv6 address of the
host.
CNAME is used to point a domain or subdomain to another
hostname.
SRV is used to identify computers that host specific services.
MX is used to help route emails.
TXT is used to provide the ability to associate text with a zone.
NS indicates which DNS server is authoritative for that domain.
PTR is used for the Reverse DNS (Domain Name System)
lookup.

used to point a domain or subdomain to another hostname?
(A) CNAME
(B) AAAA
(C) NS
36
(D) A
Explanation 13. CNAME is the correct answer.

The most common types of DNS are:
A is used to map hostnames to an IPv4 address of the host.
AAAA is used to map hostnames to an IPv6 address of the
host.
CNAME is used to point a domain or subdomain to another
hostname.
SRV is used to identify computers that host specific services.
MX is used to help route emails.
TXT is used to provide the ability to associate text with a zone.
NS indicates which DNS server is authoritative for that domain.
PTR is used for the Reverse DNS (Domain Name System)
lookup.
Question 14. Which of the following wireless topology is nor-

mally used to extend a wired LAN to connect wireless-capable
devices?
(A) Infrastructure wireless topology
(B) Ad Hoc Wireless Topology
(C) Wireless Mesh Topology
(D) Extend LAN Topology
37
Explanation 14. Infrastructure wireless topology is the cor-
rect answer.
Infrastructure wireless topology is normally used to extend a
wired LAN to connect wireless-capable devices. A wireless
network infrastructure device called wireless Access Point
(AP) is used to extend wired LAN to wireless LAN.
The AP forms a bridge between a wireless and wired LAN, and

all transmissions between wireless stations, or between a sys-
tem and a wired network client, go through the AP. APs are not
mobile and have to stay connected to the wired network.
Question 15. Which of the following is a computer network in

a defined area that links buildings and consists of multiple
LANs within that limited geographical area?
(A) Local-area Network (LAN)
(B) Wide-area Network (WAN)
(C) Metropolitan-area Network (MAN)
(D) Campus-Area Network (CAN)
Explanation 15. Campus-Area Network (CAN) is the correct

answer.
Campus-Area Network (CAN) is a computer network made
up of an interconnection of local area networks (LANs) within a
limited geographical area. The networking equipment (switch-
38
es, routers) and transmission media (optical fiber, copper plant,
Cat5 cabling, etc.) are almost entirely owned by the campus
tenant/owner: an enterprise, university, government, etc.
A campus area network is larger than a local area network but
smaller than a Metropolitan-area network (MAN) or a Wide-
area network (WAN).
Question 16. The protocol that uses the port 68 is called

_________________.
(A) DNS
(B) DHCP
(C) Telnet
(D) POP3
Explanation 16. DHCP is the correct answer.

The protocol that uses port 68 is called DHCP. Dynamic
Host Configuration Protocol (DHCP) is a client/server protocol
that automatically provides an Internet Protocol (IP) host with its
IP address and other related configuration information such as
the subnet mask and default gateway.
Every device on a TCP/IP-based network must have a unique

unicast IP address to access the network and its resources.
Without DHCP, IP addresses for new computers or computers
that are moved from one subnet to another must be configured
39
manually; IP addresses for computers that are removed from
the network must be manually reclaimed.
With DHCP, this entire process is automated and managed

centrally. The DHCP server maintains a pool of IP addresses
and leases an address to any DHCP-enabled client when it
starts up on the network.
DHCP operations fall into four phases: server discovery, IP

lease offer, IP lease request, and IP lease acknowledgment.
These stages are often abbreviated as DORA for discovery, of-
fer, request, and acknowledgment.

for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP
Explanation 17. SSH is the correct answer.

The standard TCP port for SSH is 22. SSH or Secure Shell is a
remote administration protocol that allows users to control and
modify their remote servers over the Internet.
40
53 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP
Explanation 18. DNS is the correct answer.

DNS uses port 53. The Domain Name System (DNS) is the
phonebook of the Internet. Humans access information online
through domain names, like examsdigest.com or youtube.com.
Web browsers interact through Internet Protocol (IP) addresses.
DNS translates domain names to IP addresses so browsers can
load Internet resources.
Question 19. A broadcast address is an IP address that you

can use to target all systems on a subnet or network instead of
single hosts.
(A) TRUE
(B) FALSE
Explanation 19. TRUE is the correct answer.

A Broadcast Address is an IP address that you can use to tar-
get all systems on a subnet or network instead of single hosts.
In other words, a broadcast message goes to everyone on the
41
network.
Using broadcast, computers can also locate any network de-

vices like printers and scanners without knowing their IP ad-
dresses.
Question 20. Which of the following functions is the function

of ARP?
(A) Resolves hostnames to IP addresses
(B) Resolves IP addresses to MAC addresses
(C) Resolves MAC addresses to IP addresses
(D) Resolves IP addresses to hostnames
Explanation 20. Resolves IP addresses to MAC addresses

is the correct answer.
The Address Resolution Protocol (ARP) is responsible for re-
solving the link-layer address, such as a MAC address, associ-
ated with a given internet layer address, typically an IPv4 ad-
dress.
RARP is responsible for resolving MAC addresses to IP ad-

dresses.
DNS is responsible for resolving hostnames to IP addresses.
42
Reverse DNS is responsible for resolving IP addresses to host-
names.

Bluetooth, NFC, and Z-Wave? (Choose all that apply)
(A) Bluetooth is based on the IEEE 802.15.1 standard
(B) Bluetooth uses the 3.4 to 3.485 GHz band
(C) Near-field communication transmits data through
electromagnetic radio fields to enable two devices to
(D) Near-field communication (NFC) is a long-range wire-
less connectivity technology that lets NFC-enabled devices
(E) Z-Wave is a wired communication protocol
(F) Z-Wave essentially focus on connectivity within the
smart home
Explanation 21. A, C and F are the correct answers.

True statements:
1. Bluetooth is based on the IEEE 802.15.1 standard
2. Near-field communication transmits data through electro-
magnetic radio fields to enable two devices to communicate
with each other.
3. Z-Wave essentially focus on connectivity within the smart
home.
43
4. Bluetooth uses the 2.4 to 2.485 GHz band.
5. Near-field communication (NFC) is a short-range wireless
connectivity technology that lets NFC-enabled devices com-
municate with each other.
6. Z-Wave is a wireless communication protocol.
False statements:
1. Bluetooth uses the 3.4 to 3.485 GHz band.
2. Near-field communication (NFC) is a long-range wireless
connectivity technology that lets NFC-enabled devices com-
municate with each other.
3. Z-Wave is a wired communication protocol.

so as each device in the network have to be connected to a
central device. Which of the following topologies will you im-
plement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology
Explanation 22. Star topology is the correct answer.

In the star topology each device in the network is connected to
a central device called a hub.
44
Advantages:
1. Each of the nodes is independently connected to the central
hub, should one go down, the rest of the network will continue
functioning unaffected.
2. Star networks are easily expanded without disruption to the
network.
Disadvantages:
1. Requires more cable than most of the other topologies.
2. The overall bandwidth and performance of the network are
also limited by the central node’s configurations and technical
specifications.
45
so as each device have to be connected with the two devices
on either side of it. Which of the following topologies will you
implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology
Explanation 23. Ring topology is the correct answer.

In the ring topology each device is connected with the two de-
vices on either side of it.
46
Advantages:
1. Cable faults are easily located, making troubleshooting easi-
er.
2. Only one station on the network is permitted to send data at
a time, which greatly reduces the risk of packet collisions
Disadvantages:
1. All the devices on the network share bandwidth, so the addi-
tion of more devices can contribute to overall communication
delays.
2. A single break in the cable can disrupt the entire network.
Question 24. Which of the following statements are consid-

ered advantages using Virtual Local Area Networks (VLANs)?
(A) With the creation of logical (virtual) boundaries,
network segments can be isolated
(B) VLANs reduce broadcast traffic throughout the net-
work, so free up bandwidth
(C) A VLAN can not pass the traffic to another VLAN
(D) VLANs can be used to build broadcast domains that
remove the need for costly routers
Explanation 24. A, B and D are the correct answers.

VLANs are used for network segmentation, a strategy that sig-
47
nificantly increases the network’s performance capability re-
moves potential performance bottlenecks, and can even in-
crease network security. A VLAN is a group of connected com-
puters that act as if they are on their own network segment,
even though they might not be.
Advantages of using VLANs:

1. With the creation of logical (virtual) boundaries, network
segments can be isolated, so VLANs increase security on net-
works
2. VLANs reduce broadcast traffic throughout the network, so
free up bandwidth.
3. VLAN’s can be used to build broadcast domains that remove
the need for costly routers.
Question 25. You are installing a wireless network solution

that uses a feature known as MU-MIMO. Which wireless net-
working standard are you using?
(A) 802.11n
(B) 802.11b
(C) 802.11a
(D) 802.11ac
Explanation 25. 802.11ac is the correct answer.

Multi-user, multiple-input, multiple-output technology—
48
better known as MU-MIMO allows a Wi-Fi router to communi-
cate with multiple devices simultaneously. This decreases the
time each device has to wait for a signal and dramatically
speeds up your network. Considering that the average house-
hold has upwards of eight devices battling for bandwidth si-
multaneously, MU-MIMO will increasingly improve your WiFi
experience.
For home WiFi users, annoyances such as choppy video and

continual buffering can really put a damper on the fun, but any-
one who uses a WiFi network will benefit from the performance
improvements of MU-MIMO. Here are some of the ways MU-
MIMO kicks common WiFi problems to the curb:
1. Both MU-MIMO and non-MU-MIMO (SU-MIMO) devices op-

erate faster because all devices on the network have less time
to wait to get data from the WiFi router.
2. MU-MIMO technology increases the capacity and efficiency

of your router, allowing it to handle more WiFi-intensive activi-
ties such as streaming and gaming.
Question 26. Which of the following IEEE 802.11 Wi-Fi stan-

dards use the 2.4 GHz band? (Choose all that apply)
(A) 802.11
49
(B) 802.11b
(C) 802.11g
(D) 802.11a
(E) 802.11n
(F) 802.11ac
(G) 802.11ax
Explanation 26. A, B, C, E and G are the correct answers.

The following table provides all the needed information to an-
swer any question either on the interview as a junior network
engineer or for the CompTIA Network+ and CCNA exams. Make
sure to memorize it.
IEEE 2.4
Standard GHz 5 GHz Max Data Rate
802.11 Yes No 2 Mbps
802.11b Yes No 11 Mbps
802.11g Yes No 54 Mbps
802.11a No Yes 54 Mbps
802.11n Yes Yes 600 Mbps
802.11ac No Yes 6.93 Gbps
50
802.11ax Yes Yes 4x higher than
802.11ac
Question 27. Which of the following cloud services requires

the least amount of user management, as a service provider is
responsible for managing everything, and the end-user just
uses the software.
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a ser-
vice (PaaS)
Explanation 27. Software as a service (SaaS) is the correct

answer.
SaaS is software that is centrally hosted and managed for the
end customer. It is usually based on an architecture where one
version of the application is used for all customers, and li-
censed through a monthly or annual subscription.
SaaS requires the least amount of management. The cloud

provider is responsible for managing everything, and the end-
user just uses the software.
Question 28. Network Address Translation (NAT) is designed

51
for IP address conservation. It enables private IP networks that
use unregistered IP addresses to connect to the Internet.
(A) TRUE
(B) FALSE

Network Address Translation (NAT) is designed for IP ad-
dress conservation. It enables private IP networks that use un-
registered IP addresses to connect to the Internet.
To access the Internet, one public IP address is needed, but we

can use a private IP address in our private network. The idea of
NAT is to allow multiple devices to access the Internet through
a single public address.
To achieve this, the translation of private IP address to a public

IP address is required. Network Address Translation (NAT) is
a process in which one or more local IP address is translated
into one or more Global IP address and vice versa.
Question 29. Which of the following performance concepts

delays the flow of certain types of network packets in order to
ensure network performance for higher priority applications?
(A) Traffic shaping
(B) QoS
52
(C) CoS
(D) Diffserv
Explanation 29. Traffic shaping is the correct answer.

Traffic shaping (also known as packet shaping) is a bandwidth
management technique that delays the flow of certain types of
network packets in order to ensure network performance for
higher priority applications.
Traffic shaping essentially limits the amount of bandwidth that

can be consumed by certain types of applications. It is primarily
used to ensure a high quality of service for business-related
network traffic.
The most common type of traffic shaping is application-based

traffic shaping
Question 30. Which of the following performance concepts is

the process of managing network resources to reduce packet
loss?
(A) Traffic shaping
(B) QoS
(C) CoS
(D) Diffserv
53
Explanation 30. QoS is the correct answer.
Quality of Service (QoS) in networking is the process of man-
aging network resources to reduce packet loss as well as lower
network jitter and latency. QoS technology can manage re-
sources by assigning the various types of network data differ-
ent priority levels.
QoS is usually applied on networks that cater to traffic that car-

ry resource-intensive data like:
1. Video-on-demand
2. Voice over IP (VoIP)
3. Internet Protocol television (IPTV),
4. Streamed media
5. Video conferencing
6. Online gaming
Question 31. Port __________ copies packets entering or exiting

a port or entering a VLAN and sends the copies to a local inter-
face for local monitoring or to a VLAN for remote monitoring.
(A) Copying
(B) Learning
(C) Trunking
(D) Mirroring
Explanation 31. Mirroring is the correct answer.

54
Port mirroring copies packets entering or exiting a port or en-
tering a VLAN and sends the copies to a local interface for local
monitoring or to a VLAN for remote monitoring.
Use port mirroring to send traffic to applications that analyze

traffic for purposes such as monitoring compliance, enforcing
policies, detecting intrusions, monitoring and predicting traffic
patterns, correlating events, and so on.
Port mirroring is needed for traffic analysis on a switch because

a switch normally sends packets only to the port to which the
destination device is connected.
Question 32. Choose the shortest valid abbreviation for the

IPv6 address 5000:0400:0030:0006:
8000:0800:0010:0002.
(A) 5000:400:30:6:8000:800:10:2
(B) 5000:400:30:6:8000:8:10:2
(C) 5000:400::2
(D) 5:4:3:6:8:8:1:2
Explanation 32. 5000:400:30:6:8000:800:10:2 is the cor-

rect answer.
To abbreviate IPv6 addresses, only leading 0s in a quartet (one
set of four hex digits) should be removed. Many of the quartets
55
have trailing 0s (0s on the right side of the quartet), so make
sure to not remove those 0s.
Question 33. A common use case scenario using

______________ cloud deployment method is that web ap-
plications or blog sites are deployed on hardware and resources
that are owned by a cloud provider.
(A) Public
(B) Private
(C) Hybrid
(D) Semipublic
Explanation 33. Public is the correct answer.

A common use case scenario using public cloud deployment
method is that web applications or blog sites are deployed on
hardware and resources that are owned by a cloud provider.
This is the most common deployment model. In this case, you

have no local hardware to manage or keep up-to-date – every-
thing runs on your cloud provider’s hardware. In some cases,
you can save additional costs by sharing computing resources
with other cloud users.
A common use case scenario is deploying a web application or

a blog site on hardware and resources that are owned by a
56
cloud provider. Using a public cloud in this scenario allows
cloud users to get their website or blog up quickly, and then fo-
cus on maintaining the site without having to worry about pur-
chasing, managing, or maintaining the hardware on which it
runs.

Software-Defined Networking (SDN)? (Choose all that apply)
(A) SDN enables network behavior to be controlled by
the software that resides beyond the networking devices
(B) SDN simplifies provisioning and management of
networked resources, everywhere from the data center to
the campus or wide area network
(C) SDN separates the control plane management of
network devices from the underlying data plane that for-
wards network traffic
(D) SDN reduces the complexity of statically defined
networks
Explanation 34. A, B, C and D are the correct answers.

All statements are correct.
Software-Defined Networking (SDN) is a network architec-
ture approach that enables the network to be intelligently and
centrally controlled, or ‘programmed,’ using software ap-
plications. This helps operators manage the entire network
57
consistently and holistically, regardless of the underlying net-
work technology.
There are four critical areas in which SDN technology can make
a difference for an organization.
1. Network programmability: SDN enables network behavior

to be controlled by the software that resides beyond the net-
working devices that provide physical connectivity
2. Logically centralize intelligence and control: SDN is built

on logically centralized network topologies, which enable intel-
ligent control and management of network resources. Tradi-
tional network control methods are distributed. Devices func-
tion autonomously with limited awareness of the state of the
network.
3. Abstraction of the network: Services and applications run-

ning on SDN technology are abstracted from the underlying
technologies and hardware that provide physical connectivity
from network control.
4. Openness: SDN architectures usher in a new era of open-

ness—enabling multi-vendor interoperability as well as foster-
ing a vendor-neutral ecosystem. Openness comes from the
58
SDN approach itself.

ronment. Which command will you type to discover your NIC’s
MAC address?
(A) ipconfig/all
(B) netstat/all
(C) ping/all
(D) route/all
Explanation 35. ipconfig/all is the correct answer.

The command to discover your NIC’s MAC address on Win-
dows environment is: ipconfig /all
The command to discover your NIC’s MAC address on Linux &

Mac is: ifconfig -a
Question 36. The routing protocol that does not rely on peri-
odic advertisement of all the network prefixes in an au-
tonomous system is called _______________.
(A) RIP
(B) OSPF
(C) EIGRP
(D) BGP
59
Explanation 36. EIGRP is the correct answer.
The routing protocol that does not rely on periodic advertise-
ment of all the network prefixes in an autonomous system is
called EIGRP. The protocol advertises incremental updates only
as topology changes occur within a network.
Enhanced Interior Gateway Routing Protocol (EIGRP) over-

comes the deficiencies of other distance vector routing proto-
cols, such as Routing Information Protocol (RIP), with features
such as unequal-cost load balancing, support for networks 255
hops away, and rapid convergence features.
EIGRP uses a diffusing update algorithm (DUAL) to identify
network paths and provides for fast convergence using precal-
culated loop-free backup paths.
Some of the many advantages of EIGRP are:

1. Very low usage of network resources during normal opera-
tion; only hello packets are transmitted on a stable network
2. When a change occurs, only routing table changes are prop-
agated, not the entire routing table; this reduces the load the
routing protocol itself places on the network
3. Rapid convergence times for changes in the network topolo-
gy (in some situations convergence can be almost instanta-
neous)
60
EIGRP is an enhanced distance vector protocol, relying on the
Diffused Update Algorithm (DUAL) to calculate the shortest
path to a destination within a network.
Question 37. Which of the following is a proprietary protocol

from Cisco used to reduce administration in the switched net-
work?
(A) VTP
(B) SMTP
(C) FTP
(D) HTTP
Explanation 37. VTP is the correct answer.

VLAN Trunking Protocol (VTP) is a proprietary protocol from
Cisco used to reduce administration in the switched network.
With VTP, you can synchronize VLAN information (such as
VLAN ID or VLAN name) with switches inside the same VTP
domain.
A VTP domain is a set of trunked switches with the matching

VTP settings (the domain name, password and VTP version).
All switches inside the same VTP domain share their VLAN in-
formation with each other.
The VLAN Trunking Protocol (VTP) is a very useful protocol to

61
create, manage, and maintain a large network with many inter-
connected switches.
The VLAN Trunking Protocol (VTP) can manage the addition,

deletion, and renaming of VLANs from a central point without
manual intervention and VLAN Trunk Protocol (VTP) thus re-
duces network administration in a switched network.
Question 38. Which of the following protocols is used to re-

move redundant links between switches and build loop-free
Ethernet networks?
(A) Spanning Tree Protocol (STP)
(B) Loop-Free Protocol (LFP)
(C) Redundant Link Protocol (RLP)
(D) Redundant-Free Protocol (RFP)
Explanation 38. Spanning Tree Protocol (STP) is the correct

answer.
Spanning Tree Protocol (STP) is used to remove redundant
links between switches and build loop-free Ethernet networks.
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs

on bridges and switches. The specification for STP is IEEE
802.1D. The main purpose of STP is to ensure that you do not
create loops when you have redundant paths in your
62
network. Loops are deadly to a network.
It actively monitors all links of the network. To finds a redundant

link, it uses an algorithm, known as the STA (spanning-tree al-
gorithm). The STA algorithm first creates a topology database
then it finds and disables the redundant links.
Once redundant links are disabled, only the STP-chosen links

remain active. If a new link is added or an existing link is re-
moved, the STP re-runs the STA algorithm and re-adjusts all
links to reflect the change.
63
CHAPTER 2
INFRASTRUCTURE
Questions 39-65

NAS and SAN. (Choose all that apply)
(A) SAN is a file-level data storage device attached to a
TCP/IP network, usually Ethernet
(B) SAN stands for Storage Area Network
(C) SAN is a dedicated high-performance network for con-
solidated block-level storage. The network interconnects stor-
age devices, switches, and hosts
(D) NAS stands for Network-Attached Storage
(E) NAS uses SCSI protocol to communicate with servers
(F) SAN used in enterprise environments while NAS used in
small to medium-sized businesses
Question 40. Which of the following statements is true regard-

ing crossover cables.
(A) Wires 1 and 3 and wires 2 and 6 are crossed
(B) Wires 1 and 6 and wires 2 and 3 are crossed
(C) Wires 1 and 2 and wires 3 and 4 are crossed
64
(D) Wires 1 and 4 and wires 2 and 6 are crossed
Question 41. AAA stands for Authentication, Authorization,
______________________. AAA is a system for tracking user activi-
ties on an IP-based network and controlling their access to
network resources.
(A) Access
(B) Accounting
(C) Auditing
(D) Activity
Question 42. Routers forward packets based on the MAC ad-

dress.
(A) TRUE
(B) FALSE
Question 43. A connection between devices that requires a

crossover cable is: switch to _______________.
(A) Switch
(B) Router
(C) PC
(D) AP
Question 44. Which of the following devices forwards data

packets to all connected ports?
(A) Router
65
(B) L2 Switch
(C) Hub
(D) L3 Switch
Question 45. You have been tasked to establish a WAN con-

nection between two offices: one office is in Berlin and the oth-
er one in Hamburg. The transmission speed can be no less
than 5 Mbps. Which of the following technologies would you
choose?
(A) ISDN
(B) T1
(C) T3
(D) Frame Relay
Question 46. When an IP packet is to be forwarded, a router

uses its forwarding table to determine the next hop for the
packet’s destination based on the ____________ address.
(A) destination IP
(B) source IP
(C) destination MAC
(D) source MAC
Question 47. One of the key differences between Baseband

and Broadband transmissions is that Broadband transmission
uses digital signaling over a single wire.
66
(A) TRUE
(B) FALSE
Question 48. Which of the following advanced networking de-

vices manages wireless network access points that allow wire-
less devices to connect to the network?
(A) Proxy server
(B) Load balancer
(C) Wireless controller
(D) VPN concentrator

vices improves the overall performance of applications by de-
creasing the burden on servers?
(A) Proxy server
(B) Load balancer

vices is an intermediary server separating end users from the
websites they browse?
(A) Proxy server
(B) Load balancer
67
Question 51. The forwarding technology that uses labels in-
stead of looking in a routing table to forward data is called
________________.
(A) PLSM
(B) MPLS
(C) SLPM
(D) LMSP
Question 52. Which of the following tools is used to identify

malicious activity, record detected threats, report detected
threats, and take preventative action to stop a threat from doing
damage?
(A) Intrusion Prevention System
(B) Content filter
(C) UTM appliance
(D) VoIP gateway
Question 53. Which of the following tools is a single security

appliance, that provides multiple security functions such as an-
tivirus, anti-spyware, anti-spam, network firewalling, intrusion
detection and prevention, content filtering and leak prevention?
(B) Content filter
(C) UTM appliance
68
(D) VoIP gateway
Question 54. Given the following visual, your task is to identify
the fiber connector type.
(A) MTRJ
(B) SC
(C) LC
(D) ST

69
(A) MTRJ
(B) SC
(C) LC
(D) ST
Question 56. The twisted-pair cable category 5 can transmit

data up to _________________ Mbps.
(A) 1
(B) 16
(C) 4
(D) 100
Question 57. Which of the following statements are true re-

garding the Next-Generation Firewall (NGFW)?
(A) NGFW can't block modern threats such as advanced
malware and application-layer attacks
(B) NGFW filter packets based on applications
(C) NGFW integrates intrusion prevention system
(D) NGFW can be a low-cost option for companies looking
to improve their security
(E) NGFW is considered a more advanced version of the
traditional firewall
Question 58. Which of the following connection types simplify

70
the network connectivity by unifying input/out ports and reduc-
ing the number of cables and interface cards?
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand
Question 59. Which of the following connection types is used

for transmitting data among data centers, computer servers,
switches and storage at data rates of up to 128 Gbps.
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand
Question 60. A virtual network adapter uses the host physical

network adapter to initiate and manage network communica-
tions.
(A) TRUE
(B) FALSE
Question 61. Which of the following Virtual networking com-

ponents provides network traffic filtering and monitoring for vir-
tual machines (VMs) in a virtualized environment?
(A) Virtual NIC
71
(B) Virtual Router
(C) Virtual Switch
(D) Virtual Firewall
Question 62. It has been noticed that your co-workers spend

a tremendous amount of time on social media and their pro-
ductivity has been reduced dramatically. Which of the following
program would you use to mitigate this phenomenon?
(A) Content Filtering
(B) Social media Filtering
(C) Internet Filtering
(D) Website Filtering
Question 63. Which of the following networking device con-

nects multiple switches, to form an even larger network?
(A) Switch
(B) Router
(C) Wireless Access Point
(D) Firewall

trols data access between networks?
(A) Switch
(B) Router
72
(D) Firewall

(A) MTRJ
(B) SC
(C) LC
(D) ST
73
Answers 39-65

NAS and SAN. (Choose all that apply)
(A) SAN is a file-level data storage device attached to a
TCP/IP network, usually Ethernet
(B) SAN stands for Storage Area Network
(C) SAN is a dedicated high-performance network for
consolidated block-level storage. The network intercon-
nects storage devices, switches, and hosts
(D) NAS stands for Network-Attached Storage
(E) NAS uses SCSI protocol to communicate with servers
(F) SAN used in enterprise environments while NAS
used in small to medium-sized businesses
Explanation 39. B, C, D and F are the correct answers.

Storage Area Network (SAN) is a dedicated high-perfor-
mance network for consolidated block-level storage allowing
multiple clients to access files at the same time with very high
performance. SAN uses the SCSI protocol to communicate with
servers. The network interconnects storage devices, switches,
and hosts.
SAN used in enterprise environments while.

SAN Benefits:
74
1. Extremely fast data access.
2. Dedicated network for storage relieves stress on LAN.
3. Highly expandable.
4. OS level (block-level) access to files.
5. High quality-of-service for demanding applications such as
video editing.
Network-Attached Storage (NAS) is a file-level data storage

device attached to a TCP/IP network, usually Ethernet. NAS
used in small to medium-sized businesses.
The device itself is a network node, much like computers and

other TCP/IP devices, all of which maintain their own IP address
and can effectively communicate with other networked de-
vices.
NAS Benefits:
1. Relatively inexpensive.
2. 24/7 and remote data availability.
3. Good expandability.
4. Redundant storage architecture.
5. Automatic backups to other devices and cloud.
6. Flexibility.
75
Question 40. Which of the following statements is true regard-
ing crossover cables.
(A) Wires 1 and 3 and wires 2 and 6 are crossed
(B) Wires 1 and 6 and wires 2 and 3 are crossed
(C) Wires 1 and 2 and wires 3 and 4 are crossed
(D) Wires 1 and 4 and wires 2 and 6 are crossed
Explanation 40. Wires 1 and 3 and wires 2 and 6 are

crossed is the correct answer.
A crossover cable is a type of twisted-pair copper wire cable
for LANs (local area network) in which the wires on the cable
are crossed over so that the receive signal pins on the RJ-45
connector on one end are connected to the transmit signal pins
on the RJ-45 connector on the other end.
Wires 1 and 3 and wires 2 and 6 are crossed.

Crossover cables are used to connect two devices of the same
type, e.g. two computers or two switches to each other.
Question 41. AAA stands for Authentication, Authorization,

______________________. AAA is a system for tracking user activi-
ties on an IP-based network and controlling their access to
network resources.
(A) Access
(B) Accounting
76
(C) Auditing
(D) Activity
Explanation 41. Accounting is the correct answer.

AAA stands for Authentication, Authorization, Accounting.
AAA is a system for tracking user activities on an IP-based
network and controlling their access to network resources.
Authentication, authorization, and accounting (AAA) man-
age user activity to and through systems.
You can think of AAA in the following manner:

1. Authentication: Who is the user?
2. Authorization: What is the user allowed to do?
3. Accounting: What did the user do?
Cisco implements AAA services in its Identity Services Engine

(ISE) platform.
AAA servers support the following two protocols to com-

municate with enterprise resources:
1. TACACS+: TACACS+ A Cisco proprietary protocol that sepa-
rates each of the AAA functions. Communication is secure and
encrypted over TCP port 49.
One of the key differentiators of TACACS+ is its ability to sepa-

77
rate authentication, authorization, and accounting as separate
and independent functions. This is why TACACS+ is so com-
monly used for device administration, even though RADIUS is
still certainly capable of providing device administration AAA.
2. RADIUS: Radius is a network protocol that controls user

network access via authentication and accounting. Commonly
used by Internet Service Providers (ISPs), cellular network
providers, and corporate and educational networks.
The RADIUS protocol serves three primary functions:

Authenticates users or devices before allowing them access
to a network.
Authorizes those users or devices for specific network ser-
vices.
Accounts for the usage of those services.
Question 42. Routers forward packets based on the MAC ad-

dress.
(A) TRUE
(B) FALSE

The main purpose of a router is to connect multiple networks
and forward packets destined either for its own networks or
78
other networks.
A router is considered a layer-3 device because its primary for-

warding decision is based on the information in the layer-3 IP
packet, specifically the destination IP address.
When a router receives a packet, it searches its routing table to

find the best match between the destination IP address of the
packet and one of the addresses in the routing table.
Switches are responsible to forward data based on the

MAC address. Routers using the destination IP address for
routing decisions.
Question 43. A connection between devices that requires a

crossover cable is: switch to _______________.
(A) Switch
(B) Router
(C) PC
(D) AP
Explanation 43. Switch is the correct answer.

A connection between devices that requires a crossover cable
is: switch to switch.
79
A crossover cable is a type of twisted-pair copper wire cable for
LANs (local area network) in which the wires on the cable are
crossed over so that the receive signal pins on the RJ-45 con-
nector on one end are connected to the transmit signal pins on
the RJ-45 connector on the other end.
Crossover cables are used to connect two devices of the same

type, e.g. two computers or two switches to each other.
Question 44. Which of the following devices forwards data

packets to all connected ports?
(A) Router
(B) L2 Switch
(C) Hub
(D) L3 Switch
Explanation 44. Hub is the correct answer.

A hub also called a network hub, is a common connection point
for devices in a network. Hubs are devices commonly used to
connect segments of a LAN. The hub contains multiple ports.
When a packet arrives at one port, forwards that packet to all
connected ports.
Question 45. You have been tasked to establish a WAN con-

nection between two offices: one office is in Berlin and the oth-
80
er one in Hamburg. The transmission speed can be no less
than 5 Mbps. Which of the following technologies would you
choose?
(A) ISDN
(B) T1
(C) T3
(D) Frame Relay
Explanation 45. T3 is the correct answer.

A T3 line is a point-to-point Internet connection capable of
transmitting up to 44.736 Mbps.
A T3 line is composed of 28 bundled T1-level circuits. Each T1

circuit operates at 1.544 megabits per second (Mbps), for a to-
tal connection speed of 44.736 Mbps. A T3 line is also often
referred to as a Digital Signal 3 (DS3) connection.
Question 46. When an IP packet is to be forwarded, a router

uses its forwarding table to determine the next hop for the
packet’s destination based on the ____________ address.
(A) destination IP
(B) source IP
(C) destination MAC
(D) source MAC
81
Explanation 46. destination IP is the correct answer.
When an IP packet is to be forwarded, a router uses its forward-
ing table to determine the next hop for the packet’s destination
based on the destination IP address.
Question 47. One of the key differences between Baseband

and Broadband transmissions is that Broadband transmission
uses digital signaling over a single wire.
(A) TRUE
(B) FALSE

Baseband transmissions use digital signaling over a single
wire. Communication on baseband transmissions is bidirec-
tional, allowing signals to be sent and received, but not at the
same time. To send multiple signals on a single cable, base-
band uses something called time-division multiplexing (TDM).
Broadband transmissions use analog transmissions. For

broadband transmissions to be sent and received, the medium
must be split into two channels. (Alternatively, two cables can
be used: one to send and one to receive transmissions.) Multi-
ple channels are created using frequency-division multiplexing
(FDM).
82
vices manages wireless network access points that allow wire-
less devices to connect to the network?
(A) Proxy server
(B) Load balancer
Explanation 48. Wireless controller is the correct answer.

A wireless controller manages wireless network access points
that allow wireless devices to connect to the network.
Most Cisco Wireless LAN Controllers (WLCs) supports the

following features:
1. Distribution system ports: These ports are used to connect

the WLC to a network switch and act as a path for data.
2. Service port: This port is used as a management or console

port. This port is active during the boot mode of the WLC.
3. Management interface: This interface is used for in-band

management and provides connectivity to network devices
(such as DHCP servers or Radius servers). If you want to con-
nect to the controller’s web management interface, it would be
83
through this interface.The management interface is assigned
an IP address and is the initial point of contact for Lightweight
Access Point Protocol (LWAPP) communication and registra-
tion.
3. AP-manager interface: This interface is used to control and

manage all Layer 3 communications between the WLC and
lightweight APs.
4. Virtual interface: This interface is used to support mobility

management features, such as DHCP relay and Guest Web Au-
thentication.
5. Service-port interface: This interface is used to communi-

cate to the service port and must have an IP address that be-
longs to a different IP subnet than that of the AP-manager in-
terface and any other dynamic interface.
6. Dynamic interfaces: These are VLAN interfaces created by

you to allow for communication to various VLANs.

vices improves the overall performance of applications by de-
creasing the burden on servers?
(A) Proxy server
84
(B) Load balancer
Explanation 49. Load balancer is the correct answer.

A load balancer is a device that acts as a reverse proxy and
distributes network or application traffic across a number of
servers.
Load balancers are used to increase capacity (concurrent

users) and reliability of applications. They improve the overall
performance of applications by decreasing the burden on
servers associated with managing and maintaining application
and network sessions, as well as by performing application-
specific tasks.
Load balancers are generally grouped into two categories: Lay-

er 4 and Layer 7. Layer 4 load balancers act upon data found in
network and transport layer protocols (IP, TCP, FTP, UDP). Lay-
er 7 load balancers distribute requests based upon data found
in application layer protocols such as HTTP.

vices is an intermediary server separating end users from the
websites they browse?
85
(A) Proxy server
(B) Load balancer
Explanation 50. Proxy server is the correct answer.

The proxy server is an intermediary server separating end
users from the websites they browse.
If you’re using a proxy server, internet traffic flows through

the proxy server on its way to the address you requested.
The request then comes back through that same proxy server
(there are exceptions to this rule), and then the proxy server
forwards the data received from the website to you.
Modern proxy servers do much more than forwarding web re-

quests, all in the name of data security and network perfor-
mance.
Proxy servers act as a firewall and web filter, provide shared

network connections, and cache data to speed up common re-
quests.
86
Question 51. The forwarding technology that uses labels in-
stead of looking in a routing table to forward data is called
________________.
(A) PLSM
(B) MPLS
(C) SLPM
(D) LMSP
Explanation 51. MPLS is the correct answer.

The forwarding technology that uses labels instead of looking
in a routing table to forward data is called MPLS.
Multiprotocol Label Switching (MPLS) is a data forwarding

technology that increases the speed and controls the flow of
network traffic. With MPLS, data is directed through a path via
labels instead of requiring complex lookups in a routing table at
every stop.
MPLS allows most data packets to be forwarded at Layer 2 of

the Open Systems Interconnection (OSI) model, rather than
having to be passed up to Layer 3.
In an MPLS network, each packet gets labeled on entry into

the service provider’s network by the ingress router, also known
as the label edge router (LER). This is also the router that de-
87
cides the LSP the packet will take until it reaches its destination
address.
All the subsequent label-switching routers (LSRs) perform

packet forwarding based only on those MPLS labels — they
never look as far as the IP header. Finally, the egress router re-
moves the labels and forwards the original IP packet toward its
final destination.
Question 52. Which of the following tools is used to identify

malicious activity, record detected threats, report detected
threats, and take preventative action to stop a threat from doing
damage?
(B) Content filter
(C) UTM appliance
(D) VoIP gateway
Explanation 52. Intrusion Prevention System is the correct

answer.
An Intrusion Prevention System (IPS) is used to identify mali-
cious activity, record detected threats, report detected threats,
and take preventative action to stop a threat from doing dam-
age. An IPS tool can be used to continually monitor a network in
real-time.
88
Intrusion prevention is a threat detection method that can be
utilized in a secure environment by system and security admin-
istrators. These tools are useful for systems as a prevention ac-
tion for observed events.
Question 53. Which of the following tools is a single security

appliance, that provides multiple security functions such as an-
tivirus, anti-spyware, anti-spam, network firewalling, intrusion
detection and prevention, content filtering and leak prevention?
(B) Content filter
(C) UTM appliance
(D) VoIP gateway
Explanation 53. UTM appliance is the correct answer.

Unified threat management (UTM) is an information security
term that refers to a single security solution, and usually a sin-
gle security appliance, that provides multiple security functions
at a single point on the network.
A UTM appliance will usually include functions such as an-

tivirus, anti-spyware, anti-spam, network firewalling, intru-
sion detection and prevention, content filtering and leak
prevention. Some units also provide services such as remote
89
routing, network address translation (NAT), and virtual private
network (VPN) support.

(A) MTRJ
(B) SC
(C) LC
(D) ST
Explanation 54. MTRJ is the correct answer.

90
(A) MTRJ
(B) SC
(C) LC
(D) ST
Explanation 55. SC is the correct answer.
Question 56. The twisted-pair cable category 5 can transmit

data up to _________________ Mbps.
(A) 1
(B) 16
(C) 4
(D) 100
Explanation 56. 100 is the correct answer.

The twisted-pair cable category 5 can transmit data up to
100Mbps.
91
Below is a summary of the Copper cable standards with their
speeds.
Catego Maximum
ry data rate Usual application
CAT 1 Up to 1 analog voice (POTS)

Mbps (1 Basic Rate Interface in ISDN
MHz) Doorbell wiring
CAT 2 4 Mbps Mainly used in the IBM cabling

system for Token Ring
networks
CAT 3 16 Mbps Voice (analog most popular

implementation)
10BASE-T Ethernet
CAT 4 20 Mbps Used in 16 Mbps Token Ring,

otherwise not used much. Was
only a standard briefly and
never widely installed.
92
CAT 5 100 MHz 100 Mbps TPDDI
155 Mbps ATM
No longer supported; replaced
by 5E.
10/100BASE-T
4/16MBps Token Ring
Analog Voice
CAT 5E 100 MHz 100 Mbps TPDDI

155 Mbps ATM
Gigabit Ethernet
Offers better near-end
crosstalk than CAT 5
CAT 6 Up to 250 Minimum cabling for data

MHz centers in TIA-942.
Quickly replacing category 5e.
CAT 6E MHz Support for 10 Gigabit

(field- Ethernet (10GBASE-T)
tested to May be either shielded (STP,
500 MHz) ScTP, S/FTP) or unshielded
(UTP)
This standard published in
Feb. 2008.
Minimum for Data Centers in
ISO data center standard.
93
CAT 7 600 MHz Full-motion video
(ISO 1.2 GHz in Teleradiology
Class pairs with Government and
F) Siemon manufacturing environments
connector Fully Shielded (S/FTP) system
using non-RJ45 connectors
but backwards compatible with
hybrid cords.
Until February 2008, the only
standard (published in 2002)
to support 10GBASE-T for a
full 100m.

garding the Next-Generation Firewall (NGFW)?
(A) NGFW can't block modern threats such as advanced
malware and application-layer attacks
(B) NGFW filter packets based on applications
(C) NGFW integrates intrusion prevention system
(D) NGFW can be a low-cost option for companies look-
ing to improve their security
(E) NGFW is considered a more advanced version of the
traditional firewall
Explanation 57. B, C, D and E are the correct answers.

Next-generation firewalls filter network traffic to protect an
94
organization from external threats. Next-generation firewalls are
a more advanced version of the traditional firewall, and they of-
fer the same benefits.
There are also fundamental differences between the tradition-

al firewall and next-generation firewalls.
The most obvious differences between the two are:

1. NGFW can block modern threats such as advanced malware
and application-layer attacks.
2. NGFW filter packets based on applications.
3. NGFW integrates intrusion prevention system.
4. NGFW can be a low-cost option for companies looking to
improve their security.
5. NGFW is considered a more advanced version of the tradi-
tional firewall.
Question 58. Which of the following connection types simplify

the network connectivity by unifying input/out ports and reduc-
ing the number of cables and interface cards?
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand
95
Explanation 58. FCoE is the correct answer.
Fiber Channel over Ethernet (FCoE) is a storage protocol that
ensures that Fiber Channel communications are transmitted di-
rectly over Ethernet. FCoE moves Fiber Channel traffic to exist
high-speed Ethernet infrastructures and then integrates stor-
age and IP protocols into a single cable transport and interface.
The purpose of FCoE is to unify input/output (I / O) ports,

simplify switching, and reduce counting of cables and in-
terface cards.
With so many NICs, HBAs, switches, and cables to deal with,

both capital and operational costs to run a data center can in-
crease significantly. FCoE represents a way to drastically re-
duce the number of cards, switches, adapters, and assorted
cabling by running LANs and SANs over the same in-
frastructure.
Question 59. Which of the following connection types is used

for transmitting data among data centers, computer servers,
switches and storage at data rates of up to 128 Gbps.
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand
96
Explanation 59. Fibre Channel is the correct answer.
Fibre Channel is a high-speed networking technology primari-
ly used for transmitting data among data centers, computer
servers, switches and storage at data rates of up to 128 Gbps.
In the switched fabric topology that requires switches, all the

devices are connected and communicated via switches. A Fi-
bre Channel switch, namely, is a networking device that is
compatible with the Fibre Channel Protocol (FCP), and features
with high-performance, low-latency, and lossless-transmission
in a Fibre Channel fabric.
Known as one of the main components used in SANs, the Fibre

Channel switch plays an important role in interconnecting mul-
tiple storage ports and servers.
Question 60. A virtual network adapter uses the host physical

network adapter to initiate and manage network communica-
tions.
(A) TRUE
(B) FALSE

A virtual network adapter uses the host physical network
97
adapter to initiate and manage network communications. A vir-
tual network adapter is the logical or software instance of a
physical network adapter that allows a physical computer, vir-
tual machine, or another computer to simultaneously connect
to a network or the Internet.
Question 61. Which of the following Virtual networking com-

ponents provides network traffic filtering and monitoring for vir-
tual machines (VMs) in a virtualized environment?
(A) Virtual NIC
(B) Virtual Router
(C) Virtual Switch
(D) Virtual Firewall
Explanation 60. Virtual Firewall is the correct answer.

A virtual firewall is a firewall device or service that provides
network traffic filtering and monitoring for virtual machines
(VMs) in a virtualized environment. Like a traditional network
firewall, a virtual firewall inspects packets and uses security
policy rules to block unapproved communication between VMs.
A virtual firewall is often deployed as a software appliance.
Question 62. It has been noticed that your co-workers spend

a tremendous amount of time on social media and their pro-
ductivity has been reduced dramatically. Which of the following
98
program would you use to mitigate this phenomenon?
(A) Content Filtering
(B) Social media Filtering
(C) Internet Filtering
(D) Website Filtering
Explanation 62. Content Filtering is the correct answer.

A content filter is any software that controls what a user is al-
lowed to peruse and is most often associated with websites.
Using a content filter, an employer can block access to social
media sites to all users, some users, or even just an individual
user.
Content filtering works by specifying content patterns – such as

text strings or objects within images – that, if matched, indicate
undesirable content that is to be screened out. A content filter
will then block access to this content.
Content filters are often part of Internet firewalls but can be im-
plemented as either hardware or software. In such usage, con-
tent filtering is serving a security purpose – but content filtering
is also used to implement company policies related to informa-
tion system usage.
99
nects multiple switches, to form an even larger network?
(A) Switch
(B) Router
(D) Firewall
Explanation 63. Router is the correct answer.

Router connects multiple switches, to form an even larger net-
work.
Routers work as a dispatcher, directing traffic and choosing the

most efficient route for information, in the form of data packets,
to travel across a network.
A router connects your business to the world, protects informa-

tion from security threats, and even decides which devices
have priority over others.

trols data access between networks?
(A) Switch
(B) Router
(D) Firewall
100
Explanation 64. Firewall is the correct answer.
Firewall controls data access between networks. Firewalls are
either a physical device or software that monitors incoming and
outgoing network traffic and decides whether to allow or block
specific traffic based on a defined set of security rules.

(A) MTRJ
(B) SC
(C) LC
(D) ST
Explanation 65. LC is the correct answer.
101
CHAPTER 3
NETWORK OPERATIONS
Questions 66-86
Question 66. Which of the following tool is designed to reveal

the ports which are open on a network, and determine if those
open ports need to be closed to provide more network security
and fewer vulnerabilities?
(A) Log review
(B) Port scanner
(C) Vulnerability scanner
(D) Packet analyzer

garding Security information and event management (SIEM)?
(A) Provide reports on security-related incidents and
events, such as successful and failed logins
(B) Send alerts if analysis shows that an activity runs
against the rules you set up
(C) Can't monitor and manage networks in real-time
(D) Analyze data to discover and detect threats
(E) SIEM applications can distinguish between sanctioned
file activity from suspicious activity
102
Question 68. One of the features of SNMPv3 is called mes-
sage integrity.
(A) TRUE
(B) FALSE
Question 69. Which of the following VPN related term is a

standard security technology for establishing an encrypted link
between a server and a client?
(A) IPsec (Internet Protocol Security)
(B) Secure Sockets Layer (SSL)
(C) site-to-site virtual private network (VPN)
(D) VPN client-to-site
Question 70. Which of the following process consist of scan-

ning devices (computers, mobile) or other machines on a net-
work for missing software updates and keep the systems up-
dated to avoid security threats?
(A) Software updater
(B) Patch management
(C) Patch scanning
(D) Software scanning
Question 71. Which of the following options provides only

temporary power, when the primary power source is lost?
103
(A) UPS
(B) Power generators
(C) Dual power supplies
(D) Redundant circuits

for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS

443 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS
Question 74. Which of the following terms refer to an organiza-

tion’s documented rules about what is to be done, or not done
and who can access particular network resources?
(A) Configurations
(B) Regulations
(C) Policies
104
(D) Procedures
Question 75. _________________ is a metric that represents the

average amount of time required to fix a failed component or
device and return it to the production stage.
(A) MTTR
(B) TTRM
(C) RTMR
(D) TMRT
Question 76. The process of combining multiple network

cards is known as NIC __________________.
(A) Binding
(B) Teaming
(C) Combining
(D) Merging
Question 77. The ability of a system (computer, network, cloud

cluster, etc.) to continue operating without interruption when
one or more of its components fail is called:
(A) Load balancing
(B) Port aggregation
(C) Clustering
(D) Fault tolerance
105
Question 78. FTP uses port numbers 20 and ______ for com-
mand control and data transfer.
(A) 23
(B) 22
(C) 21
(D) 19
Question 79. Which of the following backup types back up

only the data that has changed since the previous backup?
(A) Partial Backups
(B) Differential backups
(C) Incremental backups
(D) Full backups
Question 80. Which of the following protocols is not used pri-

marily for file transfers? (Choose all that apply)
(A) FTP
(B) FTPS
(C) SFTP
(D) TFTP
(E) HTTP
(F) HTTPS
106
Question 81. ______________ measures how many packets arrive
at their destinations successfully.
(A) Bandwidth
(B) Throughput
(C) Error rate
(D) Utilization
Question 82. Out-of-band management provides a way to log

into a network device without going through the same network
through which the data passing through.
(A) TRUE
(B) FALSE
Question 83. _____________ is a service that allows you to con-

nect to the Internet via an encrypted tunnel to ensure your on-
line privacy and protect your sensitive data.
(A) RDP
(B) SSH
(C) VPN
(D) VNC
Question 84. Which of the following stages of disaster recov-

ery sites represents a mirrored copy of the primary production
center?
(A) Hot site
107
(B) Warm site
(C) Cold site
(D) Mirror site

ery sites is a backup facility that has the network connectivity
and the necessary hardware equipment already pre-installed
but cannot perform on the same level as the production center?
(A) Hot site
(B) Warm site
(C) Cold site
(D) Mirror site
Question 86. A physical diagram represents how a network

looks, while a logical diagram represents how the traffic flows
on the network.
(A) TRUE
(B) FALSE
108
Answers 66-86
Question 66. Which of the following tool is designed to reveal

the ports which are open on a network, and determine if those
open ports need to be closed to provide more network security
and fewer vulnerabilities?
(A) Log review
(B) Port scanner
(C) Vulnerability scanner
(D) Packet analyzer
Explanation 66. Port scanner is the correct answer.

Port scanner tool is designed to reveal which ports are open
on a network and determine if those open ports need to be
closed to provide more network security and fewer vulnerabili-
ties.
The tool is used by administrators to verify the security policies

of their networks and by attackers to identify network services
running on a host and exploit vulnerabilities.

garding Security information and event management (SIEM)?
(A) Provide reports on security-related incidents and
events, such as successful and failed logins
109
(B) Send alerts if analysis shows that an activity runs
against the rules you set up
(C) Can't monitor and manage networks in real-time
(D) Analyze data to discover and detect threats
(E) SIEM applications can distinguish between sanctioned
file activity from suspicious activity
Explanation 67. A, B and D are the correct answers.

Security information and event management (SIEM) tools are
an important part of the data security ecosystem, they aggre-
gate data from multiple systems and analyze that data to catch
abnormal behavior or potential attacks.
SIEM tools:
1. Provide reports on security-related incidents and events,

such as successful and failed logins.
2. Send alerts if analysis shows that an activity runs against the
rules you set up.
3. Analyze data to discover and detect threats.
4. SIEM applications can’t distinguish between sanctioned file
activity from suspicious activity.
5. Can monitor and manage networks in real-time.
Question 68. One of the features of SNMPv3 is called mes-

sage integrity.
110
(A) TRUE
(B) FALSE

Simple Network Management Protocol (SNMP) is a way for
different devices on a network to share information with one
another. It allows devices to communicate even if the devices
are different hardware and run different software.
Without a protocol like SNMP, there would be no way for net-

work management tools to identify devices, monitor network
performance, keep track of changes to the network, or deter-
mine the status of network devices in real-time.
Simple Network Management Protocol (SNMP) provides a

message format for communication between what are termed,
managers, and agents. An SNMP manager is a network man-
agement application running on a PC or server, with that host
typically being called a Network Management Station (NMS).
As for the SNMP protocol messages, all versions of SNMP sup-

port a basic clear-text password mechanism, although none of
those versions refer to the mechanism as using a password.
SNMP Version 3 (SNMPv3) adds more modern security as well.
111
The following are SNMPv3 features:
Message integrity: This mechanism, applied to all SNMPv3

messages, confirms whether or not each message has been
changed during transit.
Authentication: This optional feature adds authentication with

both a username and password, with the password never sent
as clear text. Instead, it uses a hashing method like many other
modern authentication processes.
Encryption (privacy): This optional feature encrypts the con-

tents of SNMPv3 messages so that attackers who intercept the
messages cannot read their contents.
Question 69. Which of the following VPN related term is a

standard security technology for establishing an encrypted link
between a server and a client?
(A) IPsec (Internet Protocol Security)
(B) Secure Sockets Layer (SSL)
(C) site-to-site virtual private network (VPN)
(D) VPN client-to-site
Explanation 69. Secure Sockets Layer (SSL) is the correct

answer.
112
Secure Sockets Layer (SSL) is a standard security technology
for establishing an encrypted link between a server and a client
—typically a web server (website) and a browser, or a mail
server and a mail client.
Question 70. Which of the following process consist of scan-

ning devices (computers, mobile) or other machines on a net-
work for missing software updates and keep the systems up-
dated to avoid security threats?
(A) Software updater
(B) Patch management
(C) Patch scanning
(D) Software scanning
Explanation 70. Patch management is the correct answer.

Patch management is the process of updating operating sys-
tems and applications to avoid security threats. Patch man-
agement helps to test and installs multiple code modifications
on existing applications and software tools on a computer,
keeping systems updated and determines which patches are
the appropriate ones.
Patch management consists of scanning computers, mobile

devices, or other machines on a network for missing software
updates, known as “patches” and fixing the problem by de-
113
ploying those patches as soon as they become available.
Question 71. Which of the following options provides only

temporary power, when the primary power source is lost?
(A) UPS
(B) Power generators
(C) Dual power supplies
(D) Redundant circuits
Explanation 71. Secure Sockets Layer (SSL) is the correct

answer.
An uninterruptible power supply (UPS) is a device that al-
lows a computer to keep running for at least a short time when
the primary power source is lost. UPS devices also provide pro-
tection from power surges.

for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS
Explanation 72. SSH is the correct answer.
114
443 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS
Explanation 73. HTTPS is the correct answer.
Question 74. Which of the following terms refer to an organiza-

tion’s documented rules about what is to be done, or not done
and who can access particular network resources?
(A) Configurations
(B) Regulations
(C) Policies
(D) Procedures
Explanation 74. Policies is the correct answer.

By definition, policies refer to an organization’s documented
rules about what is to be done, or not done, and why. Policies
dictate who can and cannot access particular network re-
sources, server rooms, backup media, and more.
Although networks might have different policies depending on

their needs, some common policies include the following:
115
Bring your own device (BYOD) policy
Bring-your-own-device (BYOD) policies are set by companies

to allow employees to use their personal smartphones, laptops,
and tablets for work.
Non Disclosure Agreements (NDAs)
A non-disclosure agreement is a legally binding contract that

establishes a confidential relationship. The party or parties
signing the agreement agree that sensitive information they
may obtain will not be made available to any others.
Acceptable use policy (AUP)
An acceptable use policy (AUP) is a document stipulating con-

straints and practices that a user must agree to for access to a
corporate network or the Internet. Many businesses and edu-
cational facilities require that employees or students sign an
acceptable use policy before being granted a network ID.
Password policy
A password policy is a set of rules which were created to im-

prove computer security by motivating users to create depend-
able, secure passwords and then store and utilize them proper-
ly.
116
International export controls
International export controls are a number of laws and regula-

tions that govern what can and cannot be exported when it
comes to software and hardware to various countries. Employ-
ees should take every precaution to make sure they are adher-
ing to the letter of the law.
Data loss prevention
A data loss prevention policy defines how organizations can

share and protect data. It guides how data can be used in deci-
sion making without it being exposed to anyone who should
not have access to it.
Remote access policies
A remote access policy defines the conditions, remote access

permissions, and creates a profile for every remote connection
made to the corporate network.
Question 75. _________________ is a metric that represents the

(A) MTTR
(B) TTRM
(C) RTMR
117
(D) TMRT
Explanation 75. MTTR is the correct answer.

MTTR (mean time to repair) is a metric that represents the
MTTR (Mean time to repair) includes the time it takes to find out
about the failure, diagnose the problem, and repair it. MTTR is a
basic measure of how maintainable an organization’s equip-
ment is and, ultimately, is a reflection of how efficiently an or-
ganization can fix a problem.
Question 76. The process of combining multiple network

cards is known as NIC __________________.
(A) Binding
(B) Teaming
(C) Combining
(D) Merging
Explanation 76. Teaming is the correct answer.

The process of combining multiple network cards is known as
NIC Teaming.
NIC Teaming allows you to group between one and 32 physi-

118
cal Ethernet network adapters into one or more software-based
virtual network adapters.
These virtual network adapters provide fast performance and

fault tolerance in the event of a network adapter failure.
Question 77. The ability of a system (computer, network, cloud

cluster, etc.) to continue operating without interruption when
one or more of its components fail is called:
(A) Load balancing
(B) Port aggregation
(C) Clustering
(D) Fault tolerance
Explanation 77. Fault tolerance is the correct answer.

The ability of a system (computer, network, cloud cluster, etc.)
to continue operating without interruption when one or more of
its components fail is called: Fault tolerance.
The goal of fault-tolerant computer systems is to ensure busi-

ness continuity and high availability by preventing disruptions
arising from a single point of failure. Fault tolerance solutions,
therefore, tend to focus most on mission-critical applications or
systems.
119
Question 78. FTP uses port numbers 20 and ______ for com-
mand control and data transfer.
(A) 23
(B) 22
(C) 21
(D) 19
Explanation 78. 21 is the correct answer.

FTP uses port numbers 20 and 21 for command control and
data transfer. FTP stands for File Transfer Protocol. A proto-
col is a system of rules that networked computers use to com-
municate with one another. FTP is a client-server protocol that
may be used to transfer files between computers on the inter-
net. The client asks for the files and the server provides them.
An FTP server offers access to a directory, with sub-directories.

Users connect to these servers with an FTP client, a piece of
software that lets you download files from the server, as well as
upload files to it.
Question 79. Which of the following backup types back up

only the data that has changed since the previous backup?
(A) Partial Backups
(B) Differential backups
(C) Incremental backups
120
(D) Full backups
Explanation 79. Incremental backups is the correct answer.

Incremental backups backups trying to decrease the amount
of time and the storage space that it takes to do a full backup.
Incremental backups only back up the data that has changed
since the previous backup.
Question 80. Which of the following protocols is not used pri-

marily for file transfers? (Choose all that apply)
(A) FTP
(B) FTPS
(C) SFTP
(D) TFTP
(E) HTTP
(F) HTTPS
Explanation 80. HTTP and HTTPS are the correct answers.

HTTP and HTTPS aren’t used for file transfer, they are primarily
used to deliver Web pages and content to browsers, not for up-
loading and downloading files.
FTP stands for File Transfer Protocol. File Transfer Protocol

(FTP) is a standard Internet protocol for transmitting files be-
tween computers or servers on the Internet, using port 21. FTP
121
is a client-server protocol where a client will ask for a file, and a
local or remote server will provide it the files.
FTPS is also known FTP over TLS. At its core, FTPS (FTP over
SSL) is a secure file transfer protocol that allows you to connect
securely with your trading partners, customers, and users.
FTPS implements strong algorithms like AES and Triple DES to

encrypt file transfers. For authentication when connecting to
trading partner servers and vice versa, FTPS uses a combina-
tion of user IDs, passwords, and/or certificates to verify authen-
ticity.
SFTP stands for SSH File Transfer Protocol, or Secure File

Transfer Protocol is a separate protocol packaged with SSH
that works in a similar way over a secure connection. The ad-
vantage is the ability to leverage a secure connection to trans-
fer files and traverse the filesystem on both the local and re-
mote systems.
Trivial File Transfer Protocol (TFTP) is a simple protocol used

for transferring files. TFTP uses the User Datagram Protocol
(UDP) to transport data from one end to another. TFTP is most-
ly used to read and write files/mail to or from a remote server.
122
Question 81. ______________ measures how many packets arrive
at their destinations successfully.
(A) Bandwidth
(B) Throughput
(C) Error rate
(D) Utilization
Explanation 81. Throughput is the correct answer.

Throughput measures how many packets arrive at their desti-
nations successfully. For the most part, throughput capacity is
measured in bits per second, but it can also be measured in
data per second.
Bandwidth is measured as the amount of data that can be

transferred from one point to another within a network in a spe-
cific amount of time. Typically, bandwidth is expressed as a bi-
trate and measured in bits per second (bps).
Error rates refer to the frequency of errors occurred, defined as

“the ratio of a total number of data units in error to the total
number of data units transmitted.” As the error rate increases,
the data transmission reliability decreases.
Network utilization is the ratio of current network traffic to the

maximum traffic that the port can handle. It indicates the
123
bandwidth used in the network. While high network utilization
indicates the network is busy, low network utilization indicates
the network is idle.
Question 82. Out-of-band management provides a way to log

into a network device without going through the same network
through which the data passing through.
(A) TRUE
(B) FALSE

Out-of-band management provides a way to log into a network
device without going through the same network through which
the data passing through.
That means the management traffic is confined to the console

port (from the PC connecting with rollover cable) and AUX port
(through a modem and the phone line) and does not mix in with
any of the network’s data.
Question 83. _____________ is a service that allows you to con-

nect to the Internet via an encrypted tunnel to ensure your on-
line privacy and protect your sensitive data.
(A) RDP
(B) SSH
124
(C) VPN
(D) VNC
Explanation 83. VPN is the correct answer.

is a service that allows you to connect to the Internet via an en-
crypted tunnel to ensure your online privacy and protect your
sensitive data.
You can use a Virtual Private Network (VPN) to:

1. Bypass geographic restrictions on websites or streaming au-
dio and video.
2. Protect yourself from snooping on untrustworthy Wi-Fi
hotspots.
3. Gain anonymity online by hiding your true location.

ery sites represents a mirrored copy of the primary production
center?
(A) Hot site
(B) Warm site
(C) Cold site
(D) Mirror site
Explanation 84. Hot site is the correct answer.

Hot Site is a backup facility that represents a mirrored copy of
125
the primary production center. The most important feature of-
fered from a hot site is that the production environment(s) are
running with your main datacenter at the same time.
This syncing allows for minimal downtime to business opera-

tions. In the event of a significant outage event to your main
data center, the hot site can take the place of the impacted site
immediately.

ery sites is a backup facility that has the network connectivity
and the necessary hardware equipment already pre-installed
but cannot perform on the same level as the production center?
(A) Hot site
(B) Warm site
(C) Cold site
(D) Mirror site
Explanation 85. Warm site is the correct answer.

Warm Site is a backup facility that has the network connectivi-
ty and the necessary hardware equipment already pre-installed
but cannot perform on the same level as the production center.
The difference between a hot site and a warm site is that while
the hot site provides a mirror of the production data-center and
126
its environment(s), a warm site will contain only servers ready
for the installation of production environments.
Therefore, a warm site has less operational capacity than the

primary site. Moreover, data synchronization between the pri-
mary and secondary sites is performed daily or weekly, which
can result in minor data loss. A warm site is perfect for organi-
zations that operate with less critical data and can tolerate a
short period of downtime.
Question 86. A physical diagram represents how a network

looks, while a logical diagram represents how the traffic flows
on the network.
(A) TRUE
(B) FALSE

A physical diagram represents how a network looks, while
a logical diagram represents how the traffic flows on the net-
work.
A physical network diagram shows the actual physical

arrangement of the components that make up the network, in-
cluding cables and hardware. Typically, the diagram gives a
bird’s eye view of the network in its physical space, like a floor-
127
plan.
A logical network diagram describes the way information

flows through a network. Therefore, logical network diagrams
typically show subnets (including VLAN IDs, masks, and ad-
dresses), network devices like routers and firewalls, and routing
protocols.
128
CHAPTER 4
NETWORK SECURITY
Questions 87-110
Question 87. What is used as the authentication server in

802.1X?
(A) RADIUS server
(B) DHCP server
(C) TACACS+ server
(D) DNS server
Question 88. An authorized simulated attack on a system with

the purpose of identifying weak spots that attackers could take
advantage of is known as:
(A) Simulated Attack
(B) Penetration Testing
(C) Attack Testing
(D) Identify Weak Spots
Question 89. You have been tasked to identify all connections

and listening ports on your device. Assuming you are working
on a Windows environment. Which command will you type to
complete the task?
129
(A) ping
(B) netstat
(C) ipconfig
(D) tracert
Question 90. Multifactor authentication combines two or more

independent credentials: what the user knows (password),
what the user has (security token) and what the user is (bio-
metric verification).
(A) TRUE
(B) FALSE
Question 91. Which of the following switch port protection

techniques ensures that you do not create loops when you
have redundant paths in your network?
(A) Flood guard
(B) Root guard
(C) Spanning tree
(D) DHCP snooping

techniques protects switches against MAC flood attacks?
(A) Flood guard
(B) Root guard
(C) Spanning tree
130
(D) DHCP snooping
Question 93. You have been tasked to blacklist certain com-

puters to connect on the Wi-Fi, based on their MAC address.
Which of the following tools will you use in order to complete
the task?
(A) EAP
(B) Preshared key
(C) Geofencing
(D) MAC Filtering
Question 94. What can be accomplished with a brute-force

attack?
(A) Make a server unavailable
(B) Guess a user’s password
(C) Spoof every possible IP address
(D) Alter a routing table
Question 95. __________________ is a physical or logical subnet

aiming to separate an internal LAN from other untrusted net-
works. External-facing servers, resources, and/or services are
located in that place, so they are accessible from the internet,
but the rest of the internal LAN remains unreachable and safe.
(A) ACL
(B) Honeynet
131
(C) DMZ
(D) VLAN
Question 96. Which of the following attacks doesn’t require

the use of technology in order to get access to sensitive data?
(A) Social engineering
(B) Man-in-the-middle
(C) VLAN Hopping
(D) Ransomware
Question 97. Which of the following attacks typically function

by overwhelming or flooding a targeted machine with requests
until normal traffic is unable to be processed?
(A) DoS
(B) Spoofing
(C) Reconnaissance
(D) Phising
Question 98. Exploits are a weakness in software systems,

while vulnerabilities are attacks made to take advantage of ex-
ploits.
(A) TRUE
(B) FALSE
132
Question 99. Which of the following networking attacks re-
direct online traffic to a fraudulent website that resembles its in-
tended destination?
(A) DNS poisoning
(B) Phishing
(C) War-driving
(D) ARP poisoning
Question 100. Which encryption algorithm is used by WPA2?

(A) DES
(B) CCMP-AES
(C) 3DES
(D) RSA
Question 101. Which networking attack uses psychological

manipulation to trick users into making security mistakes or
giving away sensitive information
(A) Rogue Access Point
(B) Logic Bomb
(C) Evil Twin
(D) Social Engineering
Question 102. Which networking attack is a fake Wi-Fi net-

work that looks like a legitimate access point to steal victims’
sensitive details
133
(B) Logic Bomb
(C) Evil Twin
Question 103. File _____________ is used to verify that the con-

tent of files isn’t modified while transferring over the network.
(A) Checking
(B) Hashing
(C) Altering
(D) Modifying
Question 104. Biometrics uses a unique physical characteristic

of a person to permit access to a controlled IT resource.
(A) TRUE
(B) FALSE
Question 105. Which one of the following attacks requires the

attacker to be on the same network as the victim?
(A) DNS poisoning
(B) Social engineering
(C) Logic bomb
(D) ARP poisoning
134
Question 106. Which of the following protocols are considered
secure protocols? (Choose all that apply)
(A) HTTP
(B) FTP
(C) SSH
(D) HTTPS
(E) Telnet
Question 107. Given the following passwords, which of these

you would choose to make your account harder to hack?
(A) 3x@m$d1g3$td0tC0m
(B) 1234567
(C) Mike1978
(D) rcfPEj43gvRGC23
(E) admin
Question 108. AAA servers usually support the protocol

TACACS+ and _________________ to communicate with enterprise
resources.
(A) HTTP
(B) RADIUS
(C) FTP
(D) DNS
135
Question 109. A Logic bomb is a malicious program that is
triggered when a logical condition is met, such as after a num-
ber of transactions have been processed.
(A) TRUE
(B) FALSE
Question 110. The act of locating and exploiting connections

to wireless local area networks while driving around a city is
called:
(A) Exploit WLAN
(C) War driving
(D) City poisoning
136
Answers 87-110
Question 87. What is used as the authentication server in

802.1X?
(A) RADIUS server
(B) DHCP server
(C) TACACS+ server
(D) DNS server
Explanation 87. RADIUS server is the correct answer.

802.1x is a network authentication protocol that opens ports for
network access when an organization authenticates a user’s
identity and authorizes them for access to the network. The
user’s identity is determined based on their credentials or cer-
tificate, which is confirmed by the RADIUS server.
The 802.1X standard is designed to enhance the security of

wireless local area networks (WLANs) that follow the IEEE
802.11 standard. 802.1X provides an authentication framework
for wireless LANs, allowing a user to be authenticated by a cen-
tral authority.
Question 88. An authorized simulated attack on a system with

the purpose of identifying weak spots that attackers could take
advantage of is known as:
137
(A) Simulated Attack
(B) Penetration Testing
(C) Attack Testing
(D) Identify Weak Spots
Explanation 88. Penetration Testing is the correct answer.

An authorized simulated attack on a system with the purpose
of identifying weak spots that attackers could take advantage
of is known as Penetration Testing.
The attacks are made from security experts to find and exploit
vulnerabilities in a computer system.
Types of pen tests:

1. White box pen test – In a white box test, the hacker will be
provided with some information ahead of time regarding the
target company’s security info.
2. Black box pen test – Also known as a ‘blind’ test, this is one
where the hacker is given no background information besides
the name of the target company.
3. Covert pen test – Also known as a ‘double-blind’ pen test,

this is a situation where almost no one in the company is aware
138
that the pen test is happening, including the IT and security
professionals who will be responding to the attack. For covert
tests, it is especially important for the hacker to have the scope
and other details of the test in writing beforehand to avoid any
problems with law enforcement.
4. External pen test – In an external test, the ethical hacker

goes up against the company’s external-facing technology,
such as their website and external network servers. In some
cases, the hacker may not even be allowed to enter the com-
pany’s building. This can mean conducting the attack from a
remote location or carrying out the test from a truck or van
parked nearby.
5. Internal pen test – In an internal test, the ethical hacker per-

forms the test from the company’s internal network. This kind
of test is useful in determining how much damage a disgruntled
employee can cause from behind the company’s firewall.
Question 89. You have been tasked to identify all connections

and listening ports on your device. Assuming you are working
on a Windows environment. Which command will you type to
complete the task?
(A) ping
(B) netstat
139
(C) ipconfig
(D) tracert
Explanation 89. netstat is the correct answer.

The command netstat identifies all connections and listening
ports on your device.
Netstat derived from the words network and statistics is a

command line tool that delivers statistics on all network activi-
ties and informs users on which portsand addresses the corre-
sponding connections (TCP, UDP) are running and which ports
are open for tasks.
Question 90. Multifactor authentication combines two or more

independent credentials: what the user knows (password),
what the user has (security token) and what the user is (bio-
metric verification).
(A) TRUE
(B) FALSE

Multifactor authentication combines two or more indepen-
dent credentials: what the user knows (password), what the
user has (security token) and what the user is (biometric verifi-
cation).
140
Something you know: A user name, a password, a
passphrase, or a personal identification number (PIN).
Something you have: A physical security device that authen-

ticates you, such as a smart card, badge, or key fob.
Something you are: Some distinguishing, unique characteris-

tic, such as a biometric.
Somewhere you are: The location factor; requires you to be in

a space to authenticate.

techniques ensures that you do not create loops when you
have redundant paths in your network?
(A) Flood guard
(B) Root guard
(C) Spanning tree
(D) DHCP snooping
Explanation 91. Spanning tree is the correct answer.

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs
on switches. The main purpose of STP is to ensure that you do
not create bridge loops when you have redundant paths in
141
your network.
A switching loop or bridge loop occurs in computer networks

when there is more than one path between two endpoints. The
loop creates broadcast storms as broadcasts and multicasts
are forwarded by switches out every port, the switch or switch-
es will repeatedly rebroadcast the broadcast messages flood-
ing the network.

techniques protects switches against MAC flood attacks?
(A) Flood guard
(B) Root guard
(C) Spanning tree
(D) DHCP snooping
Explanation 92. Flood guard is the correct answer.

Flood guard is a feature that is included in many switches that
protect them against MAC flood attacks. When enabled, the
switch will limit the amount of memory used to store MAC ad-
dresses for each port.
For example, the switch can limit the number of entries for any
port to 5 entries. Then, if the switch detects an attempt to store
more than 5 entries, it raises an alert.
142
Question 93. You have been tasked to blacklist certain com-
puters to connect on the Wi-Fi, based on their MAC address.
Which of the following tools will you use in order to complete
the task?
(A) EAP
(B) Preshared key
(C) Geofencing
(D) MAC Filtering
Explanation 93. MAC Filtering is the correct answer.

MAC filtering is a security method based on access control.
MAC filtering helps in listing a set of allowed devices that you
want on your Wi-Fi and the list of denied devices that you don’t
want on your Wi-Fi.
It helps in preventing unwanted access to the network. In a

way, we can blacklist or white list certain computers based on
their MAC address.
Question 94. What can be accomplished with a brute-force

attack?
(A) Make a server unavailable
(B) Guess a user’s password
(C) Spoof every possible IP address
143
(D) Alter a routing table
Explanation 94. Guess a user’s password is the correct an-

swer.
A brute force attack is an attempt to crack a password or
username using a trial and error approach. In a brute-force at-
tack, an attacker’s software tries every combination of letters,
numbers, and special characters to eventually find a string that
matches a user’s password.
Question 95. __________________ is a physical or logical subnet

aiming to separate an internal LAN from other untrusted net-
works. External-facing servers, resources, and/or services are
located in that place, so they are accessible from the internet,
but the rest of the internal LAN remains unreachable and safe.
(A) ACL
(B) Honeynet
(C) DMZ
(D) VLAN
Explanation 95. DMZ is the correct answer.

(Demilitarized Zone) also known as perimeter network is a
physical or logical subnet aiming to separate an internal LAN
from other untrusted networks.
144
External-facing servers, resources, and/or services are located
in that place, so they are accessible from the internet, but the
rest of the internal LAN remains unreachable and safe.
Question 96. Which of the following attacks doesn’t require

the use of technology in order to get access to sensitive data?
(A) Social engineering
(B) Man-in-the-middle
(C) VLAN Hopping
(D) Ransomware
Explanation 96. Social engineering is the correct answer.

Social engineering is used for a variety of malicious actions
accomplished through human interactions. It uses psychologi-
cal manipulation to trick users into making security mistakes or
giving away sensitive information.
A perpetrator first investigates the intended victim to gather

necessary information, such as potential points of entry and
weak security protocols, needed to proceed with the attack.
Question 97. Which of the following attacks typically function

by overwhelming or flooding a targeted machine with requests
until normal traffic is unable to be processed?
(A) DoS
145
(B) Spoofing
(C) Reconnaissance
(D) Phising
Explanation 97. DoS is the correct answer.

A denial-of-service (DoS) attack is a type of cyber attack in
which a malicious actor aims to render a computer or other de-
vice unavailable to its intended users by interrupting the de-
vice’s normal functioning.
DoS attacks typically function by overwhelming or flooding a

targeted machine with requests until normal traffic is unable to
be processed, resulting in denial-of-service to additional users.
A DoS attack is characterized by using a single computer to
launch the attack.
Question 98. Exploits are a weakness in software systems,

while vulnerabilities are attacks made to take advantage of ex-
ploits.
(A) TRUE
(B) FALSE

Vulnerabilities are a weakness in software systems, while ex-
ploits are attacks made to take advantage of vulnerabilities.
146
Vulnerabilities are essentially weak points in software code and
exploits are software programs that were specifically designed
to attack systems with vulnerabilities.
Question 99. Which of the following networking attacks re-

direct online traffic to a fraudulent website that resembles its in-
tended destination?
(A) DNS poisoning
(B) Phishing
(C) War-driving
(D) ARP poisoning
Explanation 99. DNS poisoning is the correct answer.

DNS poisoning is a networking attack in which the DNS
records are altered aiming to redirect online traffic to a fraudu-
lent website that resembles its intended destination.
Question 100. Which encryption algorithm is used by WPA2?

(A) DES
(B) CCMP-AES
(C) 3DES
(D) RSA
Explanation 100. CCMP-AES is the correct answer.

147
WPA2 uses CCMP-AES. CCMP stands for Counter Mode with
Cipher Block Chaining Message Authentication. CCMP pro-
vides authentication, confidentiality, and integrity checking ser-
vices to any cryptographic system in which it is used. Under
the hood of CCMP is the AES algorithm.
CCMP is an encryption protocol designed for Wireless LAN

products. It’s an enhanced data cryptographic encapsulation
mechanism designed for data confidentiality and based upon
the Counter Mode with CBC-MAC (CCM mode) of the Ad-
vanced Encryption Standard (AES) standard.
It was created to address the vulnerabilities presented by Wired

Equivalent Privacy (WEP), a dated, insecure protocol.
Question 101. Which networking attack uses psychological

manipulation to trick users into making security mistakes or
giving away sensitive information
(B) Logic Bomb
(C) Evil Twin
Explanation 101. Social Engineering is the correct answer.

Social engineering is used for a variety of malicious actions
148
accomplished through human interactions. It uses psychologi-
cal manipulation to trick users into making security mistakes or
giving away sensitive information.
A perpetrator first investigates the intended victim to gather

necessary information, such as potential points of entry and
weak security protocols, needed to proceed with the attack.
Question 102. Which networking attack is a fake Wi-Fi net-

work that looks like a legitimate access point to steal victims’
sensitive details
(B) Logic Bomb
(C) Evil Twin
Explanation 102. Evil Twin is the correct answer.

An Evil twin is a fake Wi-Fi network that looks like a legitimate
access point to steal victims’ sensitive details. The fake Wi-Fi
access point is used to eavesdrop on users and steal their login
credentials or other sensitive information.
Because the hacker owns the equipment being used, the victim
will have no idea that the hacker might be intercepting things
like bank transactions.
149
An evil twin access point can also be used in a phishing scam.
In this type of attack, victims will connect to the evil twin and
will be lured to a phishing site.
Question 103. File _____________ is used to verify that the con-

tent of files isn’t modified while transferring over the network.
(A) Checking
(B) Hashing
(C) Altering
(D) Modifying
Explanation 103. Hashing is the correct answer.

File hashing is used to verify that the content of files isn’t mod-
ified while transferring over the network.
Question 104. Biometrics uses a unique physical characteristic

of a person to permit access to a controlled IT resource.
(A) TRUE
(B) FALSE

Biometrics uses a unique physical characteristic of a person to
permit access to a controlled IT resource.
150
Question 105. Which one of the following attacks requires the
attacker to be on the same network as the victim?
(A) DNS poisoning
(C) Logic bomb
(D) ARP poisoning
Explanation 105. ARP poisoning is the correct answer.

Address Resolution Protocol (ARP) poisoning is when an at-
tacker sends falsified ARP messages over a local area network
(LAN) to link an attacker’s MAC address with the IP address of a
legitimate computer or server on the network.
Once the attacker’s MAC address is linked to an authentic IP

address, the attacker can receive any messages directed to the
legitimate MAC address. As a result, the attacker can intercept,
modify, or block communicates to the legitimate MAC address.
Question 106. Which of the following protocols are considered

secure protocols? (Choose all that apply)
(A) HTTP
(B) FTP
(C) SSH
(D) HTTPS
(E) Telnet
151
Explanation 106. SSH and HTTPS are the correct answers.
The only difference between Hypertext Transfer Protocol
(HTTP) and Hypertext transfer protocol secure
(HTTPS) protocols is that HTTPS uses TLS (SSL) to encrypt
normal HTTP requests and responses. As a result, HTTPS is far
more secure than HTTP.
File Transfer Protocol (FTP) is a standard Internet protocol for

transmitting files between computers or servers on the Internet,
using port 21. FTP is a client-server protocol where a client will
ask for a file, and a local or remote server will provide it the files.
The secure version of the FTP is FTPS (FTP over SSL) which is
a secure file transfer protocol that allows you to connect se-
curely with your trading partners, customers, and users.
SSH, or Secure Shell, is a remote administration protocol that

allows users to control and modify their remote servers over the
Internet. The service was created as a secure replacement for
the unencrypted Telnet and uses cryptographic techniques to
ensure that all communication to and from the remote server
happens in an encrypted manner.
Question 107. Given the following passwords, which of these

152
you would choose to make your account harder to hack?
(A) 3x@m$d1g3$td0tC0m
(B) 1234567
(C) Mike1978
(D) rcfPEj43gvRGC23
(E) admin
Explanation 107. A and D are the correct answers.

One of the most common ways that hackers break into com-
puters is by guessing passwords. Simple and commonly used
passwords enable intruders to easily gain access and control of
a computing device.
Here are some useful tips for ensuring your passwords are
as strong as possible:
1. The longer the password the better

2. Include numbers, symbols, lowercase and uppercase
3. Avoid using personal information such as your name, sur-
name, and birthday
4. Avoid using the same password across multiple sites
Change your password regularly
Question 108. AAA servers usually support the protocol

153
TACACS+ and _________________ to communicate with enterprise
resources.
(A) HTTP
(B) RADIUS
(C) FTP
(D) DNS
Explanation 108. RADIUS is the correct answer.

AAA servers usually support the protocol TACACS+ and RA-
DIUS to communicate with enterprise resources.
Authentication, authorization, and accounting (AAA) manage

user activity to and through systems.
You can think of AAA in the following manner:
1) Authentication: Who is the user?
2) Authorization: What is the user allowed to do?
3) Accounting: What did the user do?
Cisco implements AAA services in its Identity Services Engine

(ISE) platform.
AAA servers support the following two protocols to com-

municate with enterprise resources:
TACACS+: TACACS+ A Cisco proprietary protocol that sepa-
rates each of the AAA functions. Communication is secure and
154
encrypted over TCP port 49.
One of the key differentiators of TACACS+ is its ability to sepa-

rate authentication, authorization, and accounting as separate
and independent functions. This is why TACACS+ is so com-
monly used for device administration, even though RADIUS is
still certainly capable of providing device administration AAA.
RADIUS: Radius is a network protocol that controls user net-

work access via authentication and accounting. Commonly
used by Internet Service Providers (ISPs), cellular network
providers, and corporate and educational networks.
The RADIUS protocol serves three primary functions:

1. Authenticates users or devices before allowing them access
to a network
2. Authorizes those users or devices for specific network ser-
vices
3. Accounts for the usage of those services
Question 109. A Logic bomb is a malicious program that is

triggered when a logical condition is met, such as after a num-
ber of transactions have been processed.
(A) TRUE
(B) FALSE
155
A Logic bomb is a malicious program that is triggered when a
logical condition is met, such as after a number of transactions
have been processed or on a specific date (also called a time
bomb).
Malware such as worms often contains logic bombs, which be-

have in one manner and then change tactics on a specific date
and time.
Question 110. The act of locating and exploiting connections

to wireless local area networks while driving around a city is
called:
(A) Exploit WLAN
(C) War driving
(D) City poisoning
Explanation 110. War driving is the correct answer.

War driving, is the act of locating and exploiting connections to
wireless local area networks while driving around a city, neigh-
borhood, or elsewhere.
To do war driving, you need a vehicle (car), a computer, a wire-

156
less Ethernet card set to work in promiscuous mode, and some
kind of an antenna that can be mounted on top of or positioned
inside the car.
Because a wireless LAN may have a range that extends beyond

an office building, an outside user may be able to intrude into
the network, obtain a free Internet connection, and possibly
gain access to company records and other resources.
157
CHAPTER 5
NETWORK TROUBLESHOOTING
AND TOOLS
Questions 111-125
Question 111. You have been tasked to label the cables in a

wiring closet. Which of the following tools are you most likely to
use to locate the physical ends of the cable?
(A) Light meter
(B) Tone generator
(C) Loopback adapter
(D) Spectrum analyzer
Question 112. Identify the hardware tool from the photo below:
158
(A) Cable tester
(B) Crimper tool
(C) Tone generator
(D) Punch down tool
Question 113. Users complain that they can’t reach the site
www.examsdigest.com but they can reach other sites. You try
to access the site and discover you can’t connect either, but
you can ping the site with its IP address. Which of the following
is the most possible cause?
(A) Users have wrong IP settings
(B) The router is doesn't work
(C) The site www.examsdigest.com
(D) The DNS server is down
Question 114. Assuming you are on a Windows environment,

what command will you type to check if a networked device is
reachable?
(A) ping
(B) nslookup
(C) ipconfig
(D) route
159
ronment. Type the missing command to discover your IP infor-
mation, including DHCP and DNS server addresses.
(A) ipconfig/stats
(B) ipconfig/info
(C) ipconfig/all
(D) ipconfig/address
Question 116. Any device that uses the same frequency range
as the wireless device can cause interference.
(A) TRUE
(B) FALSE
Question 117. Switch 1 port 1 is configured for native VLAN: 1,

allowed VLANs: all. This port connects to switch 2 port 10
which is configured for native VLAN: 1, allowed VLANs: 1, 2,
and 4 only. In this scenario, a host in VLAN 3 on switch 1 would
not be able to communicate with a host on switch 2 in the
same VLAN.
The above issue is known as a VLAN ________________.
(A) error
(B) mismatch
(C) misconfiguration
(D) conflict
160
Question 118. Which of the following describes the loss of
signal strength as a signal travels through a particular medium?
(A) Crosstalk
(B) Jitter
(C) Attenuation
(D) Latency
Question 119. PC1 can ping the printer device on the Market-
ing team network but can’t ping the printer on the Sales team
network. Assuming you are working on a Windows environ-
ment, what command will you type to get details about the
route that packets go through from the PC1 to the printer on the
Sales team network?
(A) ping
(B) tracert
(C) nslookup
(D) route
Question 120. A/an _______________ DHCP server is a DHCP

server set up on a network by an unauthorized user, usually an
attacker. The unauthorized device is commonly a modem with
DHCP capabilities which a user has attached to the network
aiming to use it for network attacks such as man in the middle.
161
(A) Fake
(B) Untrust
(C) Clone
(D) Rogue
Question 121. Which of the following options can’t affect the

wireless signal in the network?
(A) Refraction
(B) Reflection
(C) Crosstalk
(D) Absorption
Question 122. Which of the following tools aids in monitoring

network traffic and troubleshooting a network by capturing and
analyzing packets that flow through that network?
(A) Port scanner
(B) Packet sniffer
(C) Protocol analyzer
(D) Bandwidth speed tester
Question 123. Your co-worker tells you that he is having a

problem accessing his email. What is the first step in the trou-
bleshooting process?
(A) Establish a theory of probable cause
162
(B) Document the issue
(C) Establish a plan of action to resolve the problem
(D) Gather information by asking questions
Question 124. Which of the following tools can you use to per-
form manual DNS lookups? Assuming you are working on a
Linux environment. (Choose all that apply)
(A) route
(B) pathping
(C) dig
(D) nslookup
(E) ifconfig
Question 125. Which of the following steps is the final step in

the network troubleshooting process?
(A) Verify full system functionality and, if applicable, imple-
ment preventive measures
(B) Implement the solution or escalate as necessary
(C) Document findings, actions, and outcomes
(D) Establish a plan of action to resolve the problem and
identify potential effects
163
Answers 111-125
Question 111. You have been tasked to label the cables in a

wiring closet. Which of the following tools are you most likely to
use to locate the physical ends of the cable?
(A) Light meter
(B) Tone generator
(C) Loopback adapter
(D) Spectrum analyzer
Explanation 111. Tone generator is the correct answer.

Tone generator. A tone generator applies a tone signal to a
wire pair or single conductor, and trace with an amplifier probe.
When used with the amplifier probe, the tone generator allows
technicians to identify a wire within a bundle, at a cross-con-
nect or at a remote end.
164
Question 112. Identify the hardware tool from the photo below:
(A) Cable tester

(B) Crimper tool
(C) Tone generator
(D) Punch down tool
Explanation 112. Crimper tool is the correct answer.

The crimping tool is a special device used to attach a connec-
tor to the end of a phone or network cable. RJ-11 and RJ-45
connectors are the most common connectors used for cables
and they can be attached to the end of a cable only with a
crimping tool.
Question 113. Users complain that they can’t reach the site
www.examsdigest.com but they can reach other sites. You try
165
to access the site and discover you can’t connect either, but
you can ping the site with its IP address. Which of the following
is the most possible cause?
(A) Users have wrong IP settings
(B) The router is doesn't work
(C) The site www.examsdigest.com
(D) The DNS server is down
Explanation 113. The DNS server is down is the correct an-

swer.
The above scenario describes a DNS issue, so the DNS server
is down. By pinging the site with its IP address, you have es-
tablished that the site is up and running.
Also, users have correct IP settings, and the router works fine,
as the users can access other sites.
Question 114. Assuming you are on a Windows environment,

what command will you type to check if a networked device is
reachable?
(A) ping
(B) nslookup
(C) ipconfig
(D) route
166
Explanation 114. ping is the correct answer.
In order to check if a networked device is reachable you should
type the command ping in the command line.

ronment. Type the missing command to discover your IP infor-
mation, including DHCP and DNS server addresses.
(A) ipconfig/stats
(B) ipconfig/info
(C) ipconfig/all
(D) ipconfig/address
Explanation 115. ipconfig/all is the correct answer.

The command ipconfig/all displays full configuration informa-
tion.
You can discover your IP address, subnet mask, Default gate-

way, DHCP, and DNS IP addresses.The command ipconfig/all
displays full configuration information.
You can discover your IP address, subnet mask, Default gate-

way, DHCP, and DNS IP addresses.
Question 116. Any device that uses the same frequency range
as the wireless device can cause interference.
167
(A) TRUE
(B) FALSE

Your wireless network is most probably affected by wireless in-
terference when the following symptoms occur: intermittent
connectivity or unexpected disconnections, delays in connec-
tion and data transfer, slow network speeds, and poor signal
strength.
The usual source for Wi-Fi interference is something that caus-

es radio frequency interference:
1. The way wireless router is positioned
2. Physical obstacles, like walls, floors, trees and buildings
3. Any other wireless appliances that uses the same frequency
range (baby monitors, garage door openers, etc.)
4. Kitchen appliances, such as microwave or fridge
5. Other Wi-Fi networks in the same space
6. Weather conditions can have an impact on wireless signal
Question 117. Switch 1 port 1 is configured for native VLAN: 1,

allowed VLANs: all. This port connects to switch 2 port 10
which is configured for native VLAN: 1, allowed VLANs: 1, 2,
and 4 only. In this scenario, a host in VLAN 3 on switch 1 would
not be able to communicate with a host on switch 2 in the
168
same VLAN.
The above issue is known as a VLAN ________________.
(A) error
(B) mismatch
(C) misconfiguration
(D) conflict
Explanation 117. mismatch is the correct answer.

VLANs provide a method to segment and organize the net-
work. Segmenting the network offers some advantages. It pro-
vides increased security because devices can communicate
only with other systems in the VLAN.
Users can see only the systems in their VLAN segment. This
can help control broadcast traffic and makes it easier to move
end systems around the network.
Problems can arise when users are moved or otherwise con-

nected to the wrong VLAN. Administrators have to ensure that
the user system is plugged into the correct VLAN port.
For example, suppose a network is using port-based VLANs to

assign ports 1 through 4 to the marketing department and ports
5 through 10 to the sales department. Plugging a sales client
into port 2 would make that sales client part of the marketing
169
network.
This issue is known as a VLAN mismatch.
Question 118. Which of the following describes the loss of

signal strength as a signal travels through a particular medium?
(A) Crosstalk
(B) Jitter
(C) Attenuation
(D) Latency
Explanation 118. Attenuation is the correct answer.

VLANs provide a method to segment and organize the net
Attenuation refers to any reduction in signal loss, calculated as
a ratio of the power input signal to the output signal.
Network media vary in their resistance to attenuation. Coaxial

cable generally is more resistant than unshielded twisted-pair
(UTP); shielded twisted- pair (STP) is slightly more resistant
than UTP; and fiber-optic cable does not suffer from attenua-
tion.
Attenuation occurs on computer networks for several rea-

sons including:
1. Range for wireless or length of run for wired networks
170
2. Interference from other networks or physical obstructions for
wireless systems
3. Wire size, thicker wires are better
Reducing attenuation in an electrical system and improving

performance can be achieved by increasing the power of a sig-
nal through a signal amplifier or repeaters.
Question 119. PC1 can ping the printer device on the Market-
ing team network but can’t ping the printer on the Sales team
network. Assuming you are working on a Windows environ-
ment, what command will you type to get details about the
route that packets go through from the PC1 to the printer on the
Sales team network?
(A) ping
(B) tracert
(C) nslookup
(D) route
Explanation 119. tracert is the correct answer.

The tracert command is one of the key diagnostic tools for
TCP/IP. It displays a list of all the routers that a packet must go
through to get from the computer where tracert is run to any
other computer on the Internet.
171
To use tracert, type the tracert command followed by the host-
name of the computer to which you want to trace the route.
For example, suppose that the printer on the Sales team net-
work has an IP of 123.123.123.123 then you can use the com-
mand tracert 123.123.123.123
Question 120. A/an _______________ DHCP server is a DHCP

server set up on a network by an unauthorized user, usually an
attacker. The unauthorized device is commonly a modem with
DHCP capabilities which a user has attached to the network
aiming to use it for network attacks such as man in the middle.
(A) Fake
(B) Untrust
(C) Clone
(D) Rogue
Explanation 120. Rogue is the correct answer.

A Rogue DHCP server is a DHCP server set up on a network by
an unauthorized user, usually an attacker. The unauthorized
device is commonly a modem with DHCP capabilities which a
user has attached to the network aiming to use it for network
attacks such as man in the middle.
172
Question 121. Which of the following options can’t affect the
wireless signal in the network?
(A) Refraction
(B) Reflection
(C) Crosstalk
(D) Absorption
Explanation 121. Crosstalk is the correct answer.

Crosstalk is a form of interference in which signals in one cable
induce electromagnetic interference (EMI) in an adjacent cable.
The twisting in twisted-pair cabling reduces the amount of
crosstalk that occurs, and crosstalk can be further reduced by
shielding cables or physically separating them. Crosstalk is a
feature of copper cables only – fiber-optic cables do not expe-
rience crosstalk.
Crosstalk is the only option that involves cables so it can’t

affect a wireless signal.
Refraction is the bending of signals as it passes from one

medium to another. Refraction causes degradation in signal
strength and sometimes loss of communication in Point to
Point links.
Reflection is caused by light bouncing off of objects, which

173
causes multipath propagation of signals. This makes the sig-
nals vulnerable to interference and even fading. Furthermore,
wireless access points (WAPs) get overworked when a signal
sent by one device takes many different paths to get to the re-
ceiving systems.
Absorption happens when an RF signal passes into a material

that can absorb some of its energy, then the signal will be at-
tenuated. The more dense the material, the more the signal will
be attenuated.
Question 122. Which of the following tools aids in monitoring

network traffic and troubleshooting a network by capturing and
analyzing packets that flow through that network?
(A) Port scanner
(B) Packet sniffer
(C) Protocol analyzer
(D) Bandwidth speed tester
Explanation 122. Packet sniffer is the correct answer.

A packet sniffer is essentially a tool that aids in monitoring
network traffic and troubleshooting a network.
It works by capturing and analyzing packets of data that flow

through a particular network. Some sniffers come as programs
174
you run on a computer, while others manifest as dedicated
hardware devices.
A Port scanner is a method for determining which ports on a

network are open. As ports on a computer are the place where
information is sent and received. Ports are points at which in-
formation comes and goes from a computer, so by scanning for
open ports, attackers can find weakened pathways with which
to enter your computer
Port scanning is one of the most popular techniques attackers

use to discover services they can exploit to break into your
computer system.
A Protocol analyzer protocol analyzer captures and analyzes

signals and data traffic over a communication channel (not a
network).
The difference between a protocol analyzer and packet sniffer

are:
1. A packet sniffer records packets observed on a network in-
terface.
2. A packet analyzer looks at packets and tries to make some
inferences about what they contain.
175
Bandwidth speed tester is a way to measure the data flow in
a network. It’s an indication of how fast the data are transferred
through a network.
Question 123. Your co-worker tells you that he is having a

problem accessing his email. What is the first step in the trou-
bleshooting process?
(A) Establish a theory of probable cause
(B) Document the issue
(C) Establish a plan of action to resolve the problem
(D) Gather information by asking questions
Explanation 123. Gather information by asking questions is

the correct answer.
The information you have at hand is not sufficient to come up
with a solution. In this case, the first troubleshooting step would
be to talk to your co-worker and gather more information
about the problem
All the other answers are valid troubleshooting steps but only
after the information gathering has been completed.
Question 124. Which of the following tools can you use to per-
form manual DNS lookups? Assuming you are working on a
Linux environment. (Choose all that apply)
176
(A) route
(B) pathping
(C) dig
(D) nslookup
(E) ifconfig
Explanation 124. dig and nslookup are the correct answers.

The commands dig and nslookup can be used to perform
manual DNS lookups on a Linux system.
The command route displays or modifies the computer’s rout-

ing table.
The command pathping provides useful information about

network latency and network loss at intermediate hops be-
tween a source address and a destination address. The com-
mand pathping combines the functionality of ping with that of
tracert.
The command ifconfig displays your IP address in Linux sys-

tems. The command ifconfig can also be used to configure,
disable and enable a network interface.
Question 125. Which of the following steps is the final step in

the network troubleshooting process?
177
(A) Verify full system functionality and, if applicable, imple-
ment preventive measures
(B) Implement the solution or escalate as necessary
(C) Document findings, actions, and outcomes
(D) Establish a plan of action to resolve the problem and
identify potential effects
Explanation 125. Document findings, actions, and out-

comes is the correct answer.
The steps you need to follow in order to troubleshoot any net-
work is as follow:
1. Identify the problem
2. Establish a theory of probable cause
3. Test the theory to determine the cause
4. Establish a plan of action to resolve the problem and identify
potential effects
5. Implement the solution or escalate as necessary
6. Verify full system functionality and, if applicable, implement
preventive measures
7. Document findings, actions, and outcomes
178
THE END
179

CompTIA Network+ (N10-007)

Uploaded by

Copyright:

Available Formats

CompTIA Network+ (N10-007)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CompTIA Network+ (N10-007)

Uploaded by

Copyright:

Available Formats

Exam Content

1.0: Networking Concepts (23%)

Question 1. You are responsible to install a new wired network

Question 2. Given the Decimal mask: 255.255.192.0. Which of

Question 3. Given the Decimal mask: 255.255.128.0. Which of

Question 4. Given the Binary mask:

Question 5. Which of the following subnet masks is the default

Question 6. Which of the following subnet masks is the default

Question 8. Which of the following addresses are not valid

Question 9. Physical network topology is a higher-level idea of

Question 11. TCP doesn’t establish a session between the

Question 12. Given the following DNS Records, which one is

Question 14. Which of the following wireless topology is nor-

Question 15. Which of the following is a computer network in

Question 16. The protocol that uses the port 68 is called

Question 17. Which of the following protocols uses the port 22

Question 18. Which of the following protocols uses the port

Question 19. A broadcast address is an IP address that you

Question 21. Which of the following statements are true about

Question 22. You have been tasked to create a wired topology

Question 23. You have been tasked to create a wired topology

Question 24. Which of the following statements are consid-

Question 26. Which of the following IEEE 802.11 Wi-Fi stan-

Question 27. Which of the following cloud services requires

Question 28. Network Address Translation (NAT) is designed

Question 29. Which of the following performance concepts

Question 30. Which of the following performance concepts is

Question 32. Choose the shortest valid abbreviation for the

Question 33. A common use case scenario using

Question 35. Assuming you are working on a Windows envi-

Question 37. Which of the following is a proprietary protocol

Question 38. Which of the following protocols is used to re-

Question 1. You are responsible to install a new wired network

Explanation 1. Star Topology is the correct answer.

Bus Topology and Ring Topology are incorrect because they

Question 2. Given the Decimal mask: 255.255.192.0. Which of

Binary Mask Decimal Number of

Question 3. Given the Decimal mask: 255.255.128.0. Which of

Question 4. Given the Binary mask:

Binary Mask Decimal Number of

Question 5. Which of the following subnet masks is the default

Explanation 5. 255.255.255.0 is the correct answer.

Class B networks have the first octet in the range of 128–191

Class C networks have the first octet in the range of 192–223

In this case, the IP address 204.203.202.201 is a Class C

Question 6. Which of the following subnet masks is the default

Explanation 6. 255.0.0.0 is the correct answer.

Class B networks have the first octet in the range of 128–191

Class C networks have the first octet in the range of 192–223

In this case, the IP address 55.44.22.11 is a Class A network

Question 7. At which two OSI layers can a switch operate?

Explanation 7. Layer 2 and Layer 3 are the correct answers.

Devices or components that operate at Layer 1 typically are

The components from Layer 4 to Layer 7 are software-based,

Question 8. Which of the following addresses are not valid

Invalid Class A network IDs are:

The network 140.0.0.0 is a Class B network ID.

Question 9. Physical network topology is a higher-level idea of

Explanation 9. FALSE is the correct answer.

Question 10. Which of the following 802.11 wireless standards